Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 272

Archiving File names Education Libraries 272

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 275

Archiving Libraries File names Security 275

Security Affairs

OCTOBER 13, 2022

The attackers continue to use the HyperBro backdoor which is often loaded using the dynamic-link library (DLL) side-loading technique. The binary, which has the default name vf_host.exe, is usually renamed by the attackers in order to masquerade as a more innocuous file. ” reads the report published by the experts.

File names 363

File names Financial Services Manufacturing Libraries 363

Security Affairs

OCTOBER 18, 2022

Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library. To prevent analysis, the malware also cleans up created artifacts, overwriting the content of the dropped wlbsctrl.dll file before deleting it. . ” continues the report. Pierluigi Paganini.

File names 327

File names Encryption Manufacturing Libraries 327

Security Affairs

NOVEMBER 5, 2020

The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used in the DLL side-loading attacks, the group is using poorly-written English messages relating to political subjects. . Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files. Pierluigi Paganini.

File names 300

File names Encryption Libraries IT 300

Security Affairs

FEBRUARY 23, 2019

Once the malware has infected a system drops two plain text files, one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instruction to pay the ransom. Like other ransomware, the operators allow victims to unlock a file for free. Pierluigi Paganini.

Ransomware 277

Ransomware Encryption File names Libraries 277

Security Affairs

FEBRUARY 5, 2019

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice. By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event. Security Affairs – Libre Office, hacking).

File names 279

File names Libraries Security IT 279

Security Affairs

OCTOBER 20, 2018

A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. The plugin is widely adopted by numerous server-side platforms that support standard HTML form file uploads: PHP, Python, Ruby on Rails, Java, Node.js, Go, and others.

File names 277

File names Libraries Security Access 277

Security Affairs

JULY 26, 2022

Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. Pierluigi Paganini.

Passwords 260

Passwords File names Libraries Security 260

Security Affairs

OCTOBER 10, 2018

“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages. The post New Gallmaker APT group eschews malware in cyber espionage campaigns appeared first on Security Affairs. ” continues Symantec. Pierluigi Paganini.

Military 270

Military File names Government Libraries 270

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. Usually, executables using the side-by-side feature will have these resources located in the embedded manifest file. exe8CBB75FEBFB4B0B7C3B6D3613386220C.

Libraries 334

Libraries Communications Phishing Encryption 334

Security Affairs

JULY 14, 2021

“The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” ” reads the analysis published by Kaspersky.

Archiving 246

Archiving File names Government Libraries 246

Security Affairs

MARCH 30, 2023

“Unfortunately this happened because of an upstream library we use became infected.” ” The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain, the installers retrieve ICO files appended with base64 data from Github and ultimately leading to the deployment of 3rd stage information stealer.

File names 246

File names Manufacturing Libraries Cybersecurity 246

Security Affairs

FEBRUARY 19, 2019

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”,

Ransomware 250

Ransomware Mining File names Encryption 250

Security Affairs

FEBRUARY 13, 2023

This approach allows the attacker to continuously update and eliminates reliance on fixed file names.” The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. ” continues the report.

Archiving 246

Archiving File names Libraries Phishing 246

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.”

Archiving 246

Archiving Cloud File names Metadata 246

Security Affairs

JULY 20, 2023

These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library.” ” reads the report published by Lookout. ” continues the report. ” The report also includes Indicators of Compromise (IoCs) for both spyware.

File names 246

File names Libraries Cybersecurity IT 246

Security Affairs

MARCH 2, 2019

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. File name: patent-2019-02-20T093A283A05-1.xls File name : 68131_46_20190219.doc Figure 20: Files that are part of MSI.

File names 274

File names Phishing Libraries IT 274

Security Affairs

JUNE 5, 2019

Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. “This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.”

Mining 233

Mining File names Libraries IT 233

Security Affairs

MAY 7, 2019

The executable sample is a PE32 x86 file named “tester.exe”. This library provides access to the E X tension for F inancial S ervice (XFS) API, the communication interface needed to interact with AMT components such as PIN pad and cash dispenser. Technical Analysis. Figure 6: Discovering of PinPad and Dispenser components.

Libraries 236

Libraries e-Discovery Communications File names 236

Security Affairs

SEPTEMBER 5, 2018

Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike. Pierluigi Paganini.

Metadata 177

Metadata File names Libraries Government 177

Security Affairs

DECEMBER 4, 2018

Security experts at Yoroi – Cybaze Z-Lab discovered a new variant of the infamous Ursnif malware targeted Italian users through a malspam campaign. All the commands shown in Figure 11 are necessary to perform the operation of APC Injection: in the first variable “ $jtwhasq ” there is the import of the necessary library “ kernel32.dll

Archiving 263

Archiving File names Libraries Communications 263

Security Affairs

JUNE 5, 2020

There, the classical security notice informs us that macros are contained in the document and are disabled. The macro contained inside the document is quite minimal and does not contain dead code or other anti-analysis technique, a part of the random looking variable naming. Table 1: Static information about the sample. Code Snippet 4.

Manufacturing 324

Manufacturing File names IT Libraries 324

AIIM

APRIL 8, 2021

Security and access controls. Check-in and check-out are very similar to how a library works – when a book is checked out, nobody else has access to it until it is checked back in. This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history.

ECM 243

ECM Cloud Access File names 243

Security Affairs

SEPTEMBER 4, 2019

The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:ProgramData”. During the encryption phase, JSWorm writes a suspicious file named “key.Infection_ID.JSWRM” in “C:ProgramData”.It It contains the AES key used to encrypt the files.

Ransomware 266

Ransomware Encryption File names Libraries 266

Security Affairs

JULY 7, 2020

However, in this new release, two DLL files are distributed. VBS file leverages the Windows rundll32 library to inject the first DLL into memory (P-14-7.dll), Figure 6: Deofuscated VBS file – Lampion trojan July 2020. LNK files from the Windows startup folder. VBS files from the Windows startup folder.

Communications 331

Communications Cloud Phishing Encryption 331

Security Affairs

MAY 2, 2019

On April 19 2019 researchers at Chronicle, a security company owned by Google’s parent company, Alphabet, have examined the leaked tools , exfiltrated the past week on a Telegram channel, and confirmed that they are indeed the same ones used by the OilRig attackers. The panel reads those files and implements stats and actions.

Computer and Electronics 278

Computer and Electronics Communications Government Security 278

Security Affairs

DECEMBER 29, 2019

A randomly named folder is created in the Windows AppData directory that will keep the malicious files. Figure 15: Some operations are performed, such as create folders on AppData and setting the default process security level with VBScript – (3/5). Two files are obtained from 2 AWS S3 buckets. At the moment, the file 0.zip

Passwords 246

Passwords e-Discovery IT Cleanup 246

Gimmal

NOVEMBER 21, 2024

Limited Sorting and Filtering : Users can only sort and filter files based on basic attributes like name and date within a folder, restricting efficient data retrieval. Ineffective Search Capabilities : Without additional metadata, searches are limited to file names or basic content, making it difficult to perform targeted searches.

Metadata 52

Metadata Information governance Government Records Management 52

eSecurity Planet

FEBRUARY 3, 2021

Since then, much has been learned about the tactics, techniques, and procedures (TTPs) deployed and what steps organizations are taking to harden their network and application security. Former Department of Homeland Security (DHS) officials noted “this could be an extremely serious breach of security.” federal agencies.

Cybersecurity 63

Cybersecurity Access Authentication Cloud 63

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” The hackers registered at least 20 new domain names through the Freenom domain provider that offers free top-level domain names. Pierluigi Paganini.

Phishing 259

Phishing Libraries File names Metadata 259

Security Affairs

OCTOBER 31, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August. Mail: XXXXXXXXX.

File names 283

File names Libraries Ransomware Security 283

Security Affairs

APRIL 14, 2020

“The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19. ” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.

Ransomware 361

Ransomware Phishing File names Government 361

Security Affairs

SEPTEMBER 3, 2020

The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages. The post Evilnum APT used Python-based RAT PyVil in recent attacks appeared first on Security Affairs.

Phishing 363

Phishing Encryption File names Metadata 363

Security Affairs

FEBRUARY 18, 2025

“In addition, when copying files, Winnti Loader changes the file name to one consisting of an underscore and 5-9 alphabetic characters (e.g., “_syFig.dll” or “_TcsTgyqmk.dll”). The Winnti Loader then dynamically loads the copied libraries and deletes the copied files once the loading is complete.”

Manufacturing 310

Manufacturing File names Libraries Encryption 310