File names and Passwords - Information Management Today

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. Internet Archive hacked.

Archiving

Archiving Data breaches Passwords File names

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. The campaign observed by researchers used a phishing message with an HTML file attachment.

Encryption

Encryption File names Phishing Passwords

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. “The RAT has a focus on stealing credentials of browsers and email clients, and passwords via keylogging.

Ransomware

Ransomware File names Encryption Passwords

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

“Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.” If DiskCryptor is not used by the organization, add the key artifact files used by DiskCryptor to the organization’s execution blacklist. .

Ransomware

Ransomware Encryption File names Passwords

Fake Falcon crash reporter installer used to target German Crowdstrike users

Security Affairs

JULY 28, 2024

The installer featured CrowdStrike branding, German language localization, and required a password to install malware. This spearphishing page presented the targeted victim with a download link to a ZIP file containing a malicious InnoSetup installer.” com/crowdstrike/. “The website it[.]com dat and Java8Runtime.exe ).

Passwords

Passwords Phishing File names Metadata

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

The website was distributing a file named WSHSetup.exe, it is the downloader for both the CoronaVirus Ransomware and the Kpot password-stealer. Upon execution, the executable will attempt to download several files from a remote web site, at the time of the analysis, only a few of them were available.

Ransomware

Ransomware Passwords File names Encryption

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

MARCH 17, 2024

The researchers noticed that the users must unpack several layers of archives using the password “GIT1HUB1FREE,” which is provided in the README.md file, to access the installer named “Installer_Mega_v0.7.4t.msi.” All unique passwords are stored in a file named “brute.txt”.

Passwords

Passwords File names Archiving Cybersecurity

New ransomware group Hive leaks Altus group sample files

Security Affairs

JUNE 26, 2021

The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. The sample archive is password protected – but the file names and types are clearly visible. Altus Group has been informed about the new development.

Ransomware

Ransomware File names Archiving Encryption

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

MAY 7, 2021

This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place. Can’t come up with a strong password? Most organizations use databases to store sensitive information. What were we looking at?

Passwords

Passwords Authentication Access File names

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

The group continued to carry out password spray attacks targeting the educational sector for infrastructure procurement and focused on the satellite, government, and defense sectors for intelligence gathering. The first sample, contained in a file named Network Security.zip including: YAHSAT NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20240421.pdf.exe

IT

IT Education File names Passwords

Monero Cryptocurrency campaign exploits ProxyLogon flaws

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names

File names Archiving Passwords Communications

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption

Encryption Ransomware Passwords File names

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

Turla operators used the scripts to exfiltrate keys used to secure the password databases of popular password management software. killme” : Create a BAT file (see below) with a name based on the current tick count. The cybersecurity firm identified three different TinyTurla-NG samples, and gained access to two of them.

CMS

CMS File names Passwords Access

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

To access the internal MySQL database, the malware reads credentials from Linknat VOS2009 and VOS3000 configuration files. “Interestingly, the password from the configuration file is stored encrypted. The CDRThief can start from any location on the disk, using any file name. ” continues the analysis.

Metadata

Metadata Encryption File names Passwords

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Security Affairs

NOVEMBER 10, 2022

.” The researchers discovered an Arbitrary File Write vulnerability, an attacker can exploit the issue to control the msPKIAccountCredentials LDAP attribute and add a malicious Roaming Token entry where the identifier string contains directory traversal characters. ” concludes the report.

File names

File names Passwords Phishing Encryption

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

The malicious documents trick victims into inserting a password contained in the message to view their contents. The VB script in the maldocs is activated once the user enters the correct password for the document, a technique was already observed by other attackers in the wild.

Government

Government File names Passwords Phishing

Avast released a free decryptor for TargetCompany ransomware

Security Affairs

FEBRUARY 7, 2022

The experts warn that the decryptor consumes most of the processor’s computing power in order to retrieve the password, the cracking process may take up to tens of hours. “During password cracking, all your available processor cores will spend most of their computing power to find the decryption password. .

Ransomware

Ransomware Encryption Passwords File names

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude” Bitdefender continues.

Ransomware

Ransomware File names Passwords IT

Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers

Security Affairs

OCTOBER 5, 2021

The ransomware operators then executed a tiny Python script (6kb) to encrypt all virtual disks and VM settings files of the virtual machines hosted on the server. ” reads the Sophos analysis. “One by one, the attackers executed the Python script, passing the path to datastore disk volumes as an argument to the script. .”

Encryption

Encryption Ransomware File names Passwords

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Security Affairs

DECEMBER 15, 2021

A suspected ScreenConnect setup MSI appeared to have been delivered in a zipped file named “Special discount program.zip”, suggesting that it arrived in a spear-phishing email.” In the case of two tools – SharpChisel and Password Dumper – identical versions were used in this campaign to those that were documented by Trend.”

File names

File names Passwords Phishing Archiving

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

Security Affairs

MARCH 30, 2020

“Current malspam campaigns feature booby-trapped document files named “COVID 19 relief” and subject lines relying on the same theme. Sphinx’s targets have not changed from its past configuration files as it continues to focus on banks in the US, Canada, and Australia.” ” continues the post.”Next,

File names

File names Passwords Sales Government

“Collection #1” Data Breach Analysis – Part 1

Security Affairs

JANUARY 19, 2019

One of the first questions I wanted to answer was: “ What are the most used passwords ? “. I am aware that many researches wrote about the most used passwords, but now I do have the opportunity to measure it. To get real used passwords and to evaluate the reality. So let’s see what are the most used passwords out there!

Data breaches

Data breaches Passwords File names Sales

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 17, 2024

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.” The specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. reads the advisory published by ZDI. The flaw impacts WhatsUp Gold versions released before 2024.0.0.

IT

IT File names Cybersecurity Encryption

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

In this campaign, the spam message contains an HTML file that has base64 encoded images and a password-protected ZIP file. The password-protected zip file contains an ISO file (i.e. iso ), and the password for opening it is reported in the HTML file. Report Jul 14 47787.iso

Passwords

Passwords File names Libraries Security

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. ” reads the advisory published by the vendor.

Ransomware

Ransomware Encryption Passwords File names

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

The botnet used a modified version of Mimikatz to steal credentials and any other passwords of the compromised network, then send them back to the C2 for reuse. The C2 share the passwords with other modules that attempt to verify their validity on other systems using SMB and RDP protocols. .

Mining

Mining File names Passwords Communications

Introducing the PhishingKitTracker

Security Affairs

JULY 17, 2020

Almost every file into the raw folder is malicious so I strongly recommend you to neither open these files, nor misuse the code to prank your friends. Playing with these kits may lead to irreversible consequences which may affect anything from personal data to passwords and banking information. NB: Large File System Hahead.

Phishing

Phishing File names Archiving IT

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

Security Affairs

DECEMBER 8, 2021

The metadata stored on the file led the researchers to several WordPress database dumps, which contained multiple administrator usernames and email addresses, as well as the hashed password for the Microsoft Vancouver website.

Passwords

Passwords Metadata File names Phishing

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

SEPTEMBER 16, 2024

User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.” “The specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. ” reads the advisory published by ZDI.

Archiving

Archiving File names Libraries Passwords

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Security Affairs

JUNE 7, 2024

The attacks detected by Akamai exploit the flaws to download a file named “public.txt” from a compromised server in China. This file is saved on victims’ systems as “roeter.php,” likely a misspelling of “router.” ” continues the analysis.

File names

File names Passwords Access Cloud

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

JANUARY 21, 2019

A rogue server could send a LOAD DATA LOCAL statement to the client to get access to any file for which the client has read permission. “In theory, a patched server could be built that would tell the client program to transfer a file of the server’s choosing rather than the file named by the client in the LOAD DATA statement.”

Passwords

Passwords File names Access Sales

Experts warn of backdoor-like behavior within Gigabyte systems

Security Affairs

MAY 31, 2023

Upon analyzing of the impacted UEFI firmware, the researchers identified a file named File Name: 8ccbee6f7858ac6b92ce23594c9e2563ebcef59414b5ac13ebebde0c715971b2.bin .” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.

File names

File names Risk Passwords Security

Ursnif campaign targets Italy with a new infection Chain

Security Affairs

MARCH 17, 2020

This brand new Ursnif campaign is delivered as a malicious mail containing a password protected document: Hash e9697d963d66792a91991e64537707a94f466421615277d91675b83a408eef93 Threat Ursnif document dropper Brief Description Ursnif Document Dropper Password Protected Ssdeep 12288:9ZPntL7GQw8jzl7v4MvvnaTiIY11jTW84LYMdX9:ftXGxQ7vBvvnjVbTWthdt.

Archiving

Archiving Passwords Encryption IT

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

MARCH 1, 2021

. “And if that same site visitor clicks the “direct download link” provided on this page, they receive a.zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way.” ” continues the analysis.

Search queries

Search queries CMS Ransomware File names

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

The infection chain is composed by different stages of password protected SFX (self extracting archive), each containing vbs or batch scripts. Execution of “ winupd.exe ” (SFX) and relative password (uyjqystgblfhs). The response body will contain a new executable file, named “jasfix.exe”, representing the new stage.

Archiving

Archiving Passwords File names Military

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

It creates temporary files with the “ lock” and “ trash” extensions. It uses hardcoded file names designed to masquerade as Microsoft office executables: OfficeTemplate.exe and MicrosoftOfficeDashboard.exe” reads the analysis published by Symantec.

File names

File names Passwords Phishing Encryption

Thousands of Mega account credentials leaked online, it is credential stuffing

Security Affairs

JULY 19, 2018

Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names.

Data breaches

Data breaches IT File names Passwords

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

To access the internal MySQL database, the malware reads credentials from Linknat VOS2009 and VOS3000 configuration files. “Interestingly, the password from the configuration file is stored encrypted. The CDRThief can start from any location on the disk, using any file name. ” continues the analysis.

Metadata

Metadata Encryption File names Passwords

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

Security Affairs

DECEMBER 5, 2021

Upon executing the fake installers, they execute the following pieces of malware on the victim’s system: A password stealer called RedLine Stealer. The installer has many different file names. The group resurfaced in April 2021, the malvertising campaigns targeted users in Canada, the U.S., For example: viber-25164.exe,

Sales

Sales File names Passwords Access

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Then the loaders retrieve a second-stage payload stored in password-protected ZIP archive from Alibaba buckets. “The [HUI] loader is executed through sideloading by legitimate executables vulnerable to DLL hijacking and stages a payload stored in an encrypted file.” ” reads the analysis published by SentinelOne.

Archiving

Archiving File names Encryption Passwords

Cyclops Ransomware group offers a multiplatform Info Stealer

Security Affairs

JUNE 6, 2023

. “The stealer then enumerates directories and checks for the presence of targeted files and specific file extensions. If any matches are found, it creates a new, password-protected zip file (zip file name-n.zip) that includes an exact copy of the identified file along with its corresponding folder tree structure.

Ransomware

Ransomware Encryption Archiving File names

New APT34 campaign uses LinkedIn to deliver fresh malware

Security Affairs

JULY 22, 2019

The fake profiles asked the victims to open the weaponized excel file named ERFT-Details. ValueVault is a Golang -compiled version of the Windows Vault Password Dumper browser credential theft tool from Massimiliano Montoro , the developer of Cain & Abel. xls that was used as a dropper.

File names

File names Phishing Government Passwords

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

MARCH 28, 2019

The decoy files also included a shortcut file named Thumbs.db.lnk that could be exploited by attacker to steal NTLM hashes from the system. “Upon extraction, WinRAR copies a previously unknown payload we call SappyCache to the Startup folder with the file name ‘ekrnview.exe’.

Archiving

Archiving File names Education Libraries

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol

Security Affairs

MAY 13, 2023

“Preliminary investigations indicate that Checkmate attacks via SMB services exposed to the internet and employs a dictionary attack to break accounts with weak passwords. Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README”

Ransomware

Ransomware Encryption Passwords File names

Internet Archive data breach impacted 31M users

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Webinars

Trending Sources

STRRAT RAT spreads masquerading as ransomware

Webinars

FBI published a flash alert on Mamba Ransomware attacks

Fake Falcon crash reporter installer used to target German Crowdstrike users

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

“gitgub” malware campaign targets Github users with RisePro info-stealer

New ransomware group Hive leaks Altus group sample files

19 petabytes of data exposed across 29,000+ unprotected databases

Iran-linked group APT33 adds new Tickler malware to its arsenal

Monero Cryptocurrency campaign exploits ProxyLogon flaws

STOP ransomware encrypts files and steals victim’s data

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

CDRThief Linux malware steals VoIP metadata from Linux softswitches

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Avast released a free decryptor for TargetCompany ransomware

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Zeus Sphinx spam campaign attempt to exploit Coronavirus outbreak

“Collection #1” Data Breach Analysis – Part 1

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog

Threat actors leverages DLL-SideLoading to spread Qakbot malware

New Checkmate ransomware target QNAP NAS devices

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Introducing the PhishingKitTracker

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Chinese threat actor exploits old ThinkPHP flaws since October 2023

A flaw in MySQL could allow rogue servers to steal files from clients

Experts warn of backdoor-like behavior within Gigabyte systems

Ursnif campaign targets Italy with a new infection Chain

Gootkit delivery platform Gootloader used to deliver additional payloads

A month later Gamaredon is still active in Eastern Europe

New Graphiron info-stealer used in attacks against Ukraine

Thousands of Mega account credentials leaked online, it is credential stuffing

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers

Bronze Starlight targets the Southeast Asian gambling sector

Cyclops Ransomware group offers a multiplatform Info Stealer

New APT34 campaign uses LinkedIn to deliver fresh malware

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol

Stay Connected