File names and Libraries - Information Management Today

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2

Archiving

Archiving Data breaches Passwords File names

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. servers, it has approximately four million weekly downloads and its library is part of 722 packages. servers, it has approximately four million weekly downloads and its library is part of 722 packages.

Libraries

Libraries File names Education Cybersecurity

Malicious npm packages spotted delivering njRAT Trojan

Security Affairs

DECEMBER 1, 2020

The script attempted to download and execute a file named patch.exe that was used to install the njRAT remote access trojan. In early November, the same team of researchers discovered an npm package that contains malicious code designed to steal sensitive Discord and browser files.

Libraries

Libraries File names Access Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware

Ransomware Libraries File names Encryption

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

MARCH 3, 2020

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%LocalTemp” path. Table 2: AutoUpdate.dll Information.

IT

IT File names Libraries Communications

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving

Archiving File names Education Libraries

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

SEPTEMBER 16, 2024

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.” “The specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. ” reads the advisory published by ZDI. states Trend Micro.

Archiving

Archiving File names Libraries Passwords

Recently fixed WinRAR bug actively exploited in the wild

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving

Archiving Libraries File names Security

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used in the DLL side-loading attacks, the group is using poorly-written English messages relating to political subjects. . Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files.

File names

File names Encryption Libraries IT

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library. To prevent analysis, the malware also cleans up created artifacts, overwriting the content of the dropped wlbsctrl.dll file before deleting it. . ” continues the report.

File names

File names Encryption Manufacturing Libraries

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The attackers continue to use the HyperBro backdoor which is often loaded using the dynamic-link library (DLL) side-loading technique. The binary, which has the default name vf_host.exe, is usually renamed by the attackers in order to masquerade as a more innocuous file. ” reads the report published by the experts.

File names

File names Financial Services Manufacturing Libraries

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

Once the malware has infected a system drops two plain text files, one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instruction to pay the ransom. Like other ransomware, the operators allow victims to unlock a file for free.

Ransomware

Ransomware Encryption File names Libraries

0Patch released unofficial security patch for new DogWalk Windows zero-day

Security Affairs

JUNE 8, 2022

.” “The vulnerability lies in the Microsoft Diagnostic Tool’s sdiageng.dll library, which takes the attacker-supplied folder path from the package configuration XML file inside the diagcab archive, and copies all files from that folder to a local temporary folder.”

Security

Security File names Libraries Archiving

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

FEBRUARY 5, 2019

By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event. The expert pointed out that the python file, named “pydoc.py,” is already included in the LibreOffice software.

File names

File names Libraries Security IT

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages. These documents are not very sophisticated, but evidence of infections shows that they’re effective.” ” continues Symantec.

Military

Military File names Government Libraries

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file.

Passwords

Passwords File names Libraries Security

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

“The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” ” reads the analysis published by Kaspersky.

Archiving

Archiving File names Government Libraries

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

Security Affairs

OCTOBER 20, 2018

The plugin is widely adopted by numerous server-side platforms that support standard HTML form file uploads: PHP, Python, Ruby on Rails, Java, Node.js, Go, and others. Cashdollar discovered two PHP files named upload.php and UploadHandler.php in the package’s source, which contained the file upload code.

File names

File names Libraries Security Access

3CX voice and video conferencing software victim of a supply chain attack

Security Affairs

MARCH 30, 2023

“Unfortunately this happened because of an upstream library we use became infected.” ” The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain, the installers retrieve ICO files appended with base64 data from Github and ultimately leading to the deployment of 3rd stage information stealer.

File names

File names Manufacturing Libraries Cybersecurity

Enigma info-stealing malware targets the cryptocurrency industry

Security Affairs

FEBRUARY 13, 2023

This approach allows the attacker to continuously update and eliminates reliance on fixed file names.” The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. ” continues the report.

Archiving

Archiving File names Libraries Phishing

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. Usually, executables using the side-by-side feature will have these resources located in the embedded manifest file. exe8CBB75FEBFB4B0B7C3B6D3613386220C.

Libraries

Libraries Communications Phishing Encryption

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”,

Ransomware

Ransomware Mining File names Encryption

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library.” ” reads the report published by Lookout. ” continues the report. ” The report also includes Indicators of Compromise (IoCs) for both spyware.

File names

File names Libraries Cybersecurity IT

ATMitch: New Evidence Spotted In The Wild

Security Affairs

MAY 7, 2019

The executable sample is a PE32 x86 file named “tester.exe”. This library provides access to the E X tension for F inancial S ervice (XFS) API, the communication interface needed to interact with AMT components such as PIN pad and cash dispenser. Technical Analysis. Figure 6: Discovering of PinPad and Dispenser components.

Libraries

Libraries e-Discovery Communications File names

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

File name: patent-2019-02-20T093A283A05-1.xls However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. File name : 68131_46_20190219.doc Analyzing the MSI file – The installer/dropper of infamous FlawedAmmyy.

File names

File names Phishing Libraries IT

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” According to the experts, BlackSquid has worm-like propagation capabilities and it can be used to launch brute-force attacks. ” states Trend Micro.

Mining

Mining File names Libraries IT

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

At the provided URL, a password-encrypted.rar file named “Abraham Accords & MENA.rar” was hosted. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.” It generates a system identifier by combining the operating system name, hostname, and a random number.

Archiving

Archiving Cloud File names Metadata

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

“Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” As part of this campaign, new exploit documents were identified with Vietnamese-language lures and themes, as well as Vietnam-themed, adversary-controlled infrastructure.”

Metadata

Metadata File names Libraries Government

Dissecting the latest Ursnif DHL-Themed Campaign

Security Affairs

DECEMBER 4, 2018

The second stage of the infection chain is the “ ppc.cab ” file downloaded by the dropper to the “ %APPDATA%Roaming ” location: it actually is a Microsoft Cabinet archive embedding an executable file named “ puk.exe ”. Figure 11: Commands of the third row of “ddraxpps” key.

Archiving

Archiving File names Libraries Communications

What are the Best Document Management Capabilities?

AIIM

APRIL 8, 2021

Check-in and check-out are very similar to how a library works – when a book is checked out, nobody else has access to it until it is checked back in. This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history. Security and access controls.

ECM

ECM Cloud Access File names

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Security Affairs

JUNE 5, 2020

The macro contained inside the document is quite minimal and does not contain dead code or other anti-analysis technique, a part of the random looking variable naming. If the download is successful, the malware reads raw bytes from the downloaded file and transforms them into ready to execute powershell code. Figure 3: Extracted Macro.

Manufacturing

Manufacturing File names IT Libraries

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

SEPTEMBER 4, 2019

The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:ProgramData”. During the encryption phase, JSWorm writes a suspicious file named “key.Infection_ID.JSWRM” in “C:ProgramData”.It It contains the AES key used to encrypt the files.

Ransomware

Ransomware Encryption File names Libraries

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

However, in this new release, two DLL files are distributed. VBS file leverages the Windows rundll32 library to inject the first DLL into memory (P-14-7.dll), Figure 6: Deofuscated VBS file – Lampion trojan July 2020. LNK files from the Windows startup folder. VBS files from the Windows startup folder.

Communications

Communications Cloud Phishing Encryption

APT34: Glimpse project

Security Affairs

MAY 2, 2019

The command and control is implemented by a standalone.NET application working through files. The backend, a nodeJS server, runs and offers Public API and and saves, requests to agents, and results from agents, directly into files named with “UID-IP” convention acting as agent ID.

Computer and Electronics

Computer and Electronics Communications Government Security

Leveraging Metadata for Enhanced Information Governance

Gimmal

NOVEMBER 21, 2024

Limited Sorting and Filtering : Users can only sort and filter files based on basic attributes like name and date within a folder, restricting efficient data retrieval. Ineffective Search Capabilities : Without additional metadata, searches are limited to file names or basic content, making it difficult to perform targeted searches.

Metadata

Metadata Information governance Government Records Management

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

As observed, the output shows us two AWS-hosted addresses that contain two malicious files, namely: hxxps[:]//fucktheworld.s3.us-east-2.amazonaws[.]com/0.zip zip file is a DLL with additional code loaded by PE File P-19-2.dll At the moment, the file 0.zip To get details about the library inside the 0.zip

Passwords

Passwords e-Discovery IT Cleanup

Shared Drive Cleanup Success Story

The Texas Record

JANUARY 25, 2019

The departmental structure of the ARIS division at the Texas State Library and Archives Commission (TSLAC). In addition, we encouraged the practice of creating README files, which have a description of their respective folder with information regarding its retention and other information (e.g. Creation of README Files (PDF).

Cleanup

Cleanup Records Management File names Archiving

SAA RMS bibliography completed in Zotero. for now!

The Schedule

AUGUST 10, 2018

The SAA Records Management Section steering committee has been working hard over the past several years to improve upon the records management bibliography that was disseminated in 2008 (and, in case you’re interested in historical RM documentation, is available on our microsite at [link] — file name RMRTBibliography2012.pdf

Records Management

Records Management Libraries File names Access

Mekel 2.0 Adds Features for Maximum Production Efficiencies

Info Source

JUNE 24, 2019

. · OCR title naming (all models) : The optical character recognition (OCR) function recognizes title bar (microfiche) or title image (microfilm) text. has been designed to be fully supported in Windows 10 Professional (64-bit) and is adaptable for future Windows generations.

Archiving

Archiving File names Marketing Manufacturing

Florida Home Economics Association Scrapbooks

Archives Blogs

MARCH 25, 2020

Being a tethered system, all images are automatically and instantly transferred from the camera to the computer where the Capture One software handles basic editing of the images including color correction, cropping, file naming, and exporting the final images to our internal server before being loaded into the FSU Digital Library.

Libraries

Libraries File names

Visual Cues and Clues: Born-Digital Photographs and their Metadata

Unwritten Record

OCTOBER 5, 2021

Accessing File Metadata on a PC. Select the file you would like to review in “File Explorer.”. Right click the file name and select “Properties.”. A box will pop up that includes various information about the file, and you should select the tab labeled “Details.”.

Metadata

Metadata Archiving Access File names

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” The hackers registered at least 20 new domain names through the Freenom domain provider that offers free top-level domain names.

Phishing

Phishing Libraries File names Metadata

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. The problem: software can be mighty complex, made up of components, development frameworks, operating system features, libraries, and more.

Cybersecurity

Cybersecurity Access Authentication Cloud

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

“The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19. ” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.

Ransomware

Ransomware Phishing File names Government

Internet Archive data breach impacted 31M users

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Webinars

Trending Sources

Malicious npm packages spotted delivering njRAT Trojan

Webinars

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Recently fixed WinRAR bug actively exploited in the wild

New KilllSomeOne APT group leverages DLL side-loading

China-linked APT41 group targets Hong Kong with Spyder Loader

China-linked Budworm APT returns to target a US entity

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

0Patch released unofficial security patch for new DogWalk Windows zero-day

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

New Gallmaker APT group eschews malware in cyber espionage campaigns

Threat actors leverages DLL-SideLoading to spread Qakbot malware

China-linked LuminousMoth APT targets entities from Southeast Asia

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

3CX voice and video conferencing software victim of a supply chain attack

Enigma info-stealing malware targets the cryptocurrency industry

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

The Long Run of Shade Ransomware

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

ATMitch: New Evidence Spotted In The Wild

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Iran-linked APT TA453 targets Windows and macOS systems

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Dissecting the latest Ursnif DHL-Themed Campaign

What are the Best Document Management Capabilities?

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

JSWorm: The 4th Version of the Infamous Ransomware

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

APT34: Glimpse project

Leveraging Metadata for Enhanced Information Governance

A new trojan Lampion targets Portugal

Shared Drive Cleanup Success Story

SAA RMS bibliography completed in Zotero. for now!

Mekel 2.0 Adds Features for Maximum Production Efficiencies

Florida Home Economics Association Scrapbooks

Visual Cues and Clues: Born-Digital Photographs and their Metadata

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Guarding Against Solorigate TTPs

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Stay Connected