Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. Pierluigi Paganini.

Ransomware 363

Ransomware File names Archiving Encryption 363

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5) Pierluigi Paganini.

Ransomware 361

Ransomware File names Encryption Passwords 361

Security Affairs

APRIL 2, 2020

SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names 361

File names Security Access IT 361

Security Affairs

NOVEMBER 7, 2019

Experts observed a new phishing campaign that used a specially crafted ZIP archive that was designed to bypass secure email gateways to distribute malware. Attackers have devised a new technique to distribute malware bypassing secure email gateways and other security solutions by using a specially crafted ZIP file.

Archiving 279

Archiving Security File names Phishing 279

Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.

File names 342

File names Archiving Compliance IT 342

Security Affairs

JUNE 8, 2022

0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. “Okay, but who would download and open a silly diagcab file? .”

Security 246

Security File names Libraries Archiving 246

Security Affairs

JULY 20, 2024

The attackers attempted to trick the company’s customers into opening a ZIP archive file named “ crowdstrike-hotfix.zip.” ” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. ” reads the report published by Kaspersky.

File names 362

File names Archiving Cybersecurity Communications 362

Security Affairs

MARCH 26, 2021

The researchers shared a detailed analysis on Security Affairs , they explained that once the malware has infected a Windows machine, it overwrites the existing Master Boot Record, with a custom MBR and encrypts the hard drive using the DiskCryptor tool. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware 363

Ransomware Encryption File names Passwords 363

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. “The Dexphot attack used a variety of sophisticated methods to evade security solutions. Doxphot stands out for its evasion techniques and its level of sophistication.

File names 363

File names Encryption Mining Security 363

Security Affairs

MAY 17, 2024

Researchers at Genius Security Center (GSC) identified a new attack strategy by the North Korea-linked Kimsuky APT group and collaborated with the Korea Internet & Security Agency (KISA) for analysis and response. “And if you compare the two malicious file execution screens, you can see the same pattern.

File names 327

File names Phishing Communications Security 327

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the security advisory published by Sony.

File names 279

File names IoT Security IT 279

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 305

File names Archiving Passwords Communications 305

Security Affairs

FEBRUARY 17, 2023

Cybersecurity firm Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.

File names 246

File names Cybersecurity Security IT 246

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon. "Important – COVID-19.rar"

Communications 359

Communications File names Archiving Phishing 359

Security Affairs

JULY 15, 2022

The experts strongly recommend completely removing Kaswara Modern WPBakery Page Builder Addons as soon as possible and installing an alternative because likely the plugin will never receive a security fix for this issue. When attackers are successful at uploading the zip file, a single file named a57bze8931.php

File names 319

File names Security Information Security IT 319

Security Affairs

FEBRUARY 25, 2020

In this situation, ‘ Est security’ found malicious code disguised as a ‘Corona 19 real-time status’ inquiry program and asked the public’s attention. ’ When you run the file, you will see a pop-up window titled “Real-time Corona19 Status” depending on the variant. information takeover.

File names 326

File names Security IT Information Security 326

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. I am a computer security scientist with an intensive hacking background. About the author: Marco Ramilli, Founder of Yoroi.

Computer and Electronics 325

Computer and Electronics File names Cybersecurity Security 325

Security Affairs

SEPTEMBER 27, 2019

Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days ago the researchers also released a free decryptor for the WannaCryFake ransomware.

Ransomware 264

Ransomware File names Encryption Security 264

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.

Military 346

Military Phishing Archiving File names 346

Security Affairs

APRIL 19, 2022

Researchers at Nozomi Networks Labs have recently discovered a new BotenaGo variant that specifically targets Lilin security camera DVR devices. The experts called the sample they analyzed “Lillin scanner” because of the name the developers used for it in the source code: /root/lillin.go. 200 or HTTP/1.0 ” continues the analysis.

Security 264

Security IoT File names Passwords 264

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. The post A new Shamoon 3 sample uploaded to VirusTotal from France appeared first on Security Affairs. Pierluigi Paganini.

File names 279

File names IT Security 279

Security Affairs

APRIL 22, 2024

National Security Agency and Microsoft addressed it with the release of Microsoft October 2022 Patch Tuesday security updates. GooseEgg is usually deployed with a batch script, commonly named execute.bat or doit.bat. This script creates a file named servtask.bat, which includes commands for saving or compressing registry hives.

Military 357

Military File names Education Phishing 357

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. ” reported Bleeping Computer. Tweets by demonslay335. Pierluigi Paganini.

Ransomware 279

Ransomware File names Encryption Access 279

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. Pierluigi Paganini.

Ransomware 340

Ransomware File names Archiving Encryption 340

Security Affairs

JUNE 5, 2021

The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI). The Ransomware perform file system enumeration while encrypting the victim files, then appends the extension “.BlackCocaine BlackCocaine ” to the filenames of encrypted files. .”

Ransomware 363

Ransomware Encryption File names Financial Services 363

Security Affairs

JULY 24, 2021

Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) discovered an Olympics-themed malware that implements wiping capabilities, The Record reported. ” reads the report published by the security firm. ” reads the report published by the security firm. Pierluigi Paganini.

File names 363

File names Access Security IT 363

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure. they also announced a working tool for version 1.5. .

Ransomware 346

Ransomware File names Encryption Archiving 346

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. ” reported Akamai. In June, the U.S. ” concludes the report.

Honeypots 346

Honeypots File names Mining IoT 346

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. The post Night Sky, a new ransomware operation in the threat landscape appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 363

Ransomware Encryption File names Communications 363

Security Affairs

SEPTEMBER 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.”

IT 319

IT File names Cybersecurity Encryption 319

Security Affairs

MARCH 11, 2023

Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. esetservice.exe is actually a legitimate HTTP Server Service program made by the security firm ESET.

File names 246

File names Security IT Information Security 246

Security Affairs

JUNE 6, 2024

The malware then enters “VM mode” to encrypt files with specific extensions. Once executed, the ransomware drops a text file named TargetInfo.txt that contains victim information. Like the Windows variant of the ransomware, the content of the file TargetInfo.txt is then sent to a C2 server.

Ransomware 325

Ransomware File names Encryption Communications 325

Security Affairs

SEPTEMBER 10, 2023

. “When receiving a message, uploadTextMessageToService collects its contents, chat/channel title and ID, as well as sender’s name and ID. The collected information is then encrypted and cached into a temporary file named tgsync.s3. The app sends this temporary file to the command server at certain intervals.”

File names 343

File names Personal data Encryption Security 343

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. The post Evil Corp rebrands their ransomware, this time is the Macaw Locker appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware 355

Ransomware File names Encryption Government 355

Security Affairs

FEBRUARY 23, 2023

Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. “An

Honeypots 246

Honeypots File names Cybersecurity Security 246

Security Affairs

DECEMBER 26, 2020

The Hospital Group has confirmed the ransomware attack and notified the Information Commissioner about the security breach. data security breach.” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The Hospital Group also notified via email all customers. ” states The Sun.

Ransomware 345

Ransomware Personal data File names Security 345

Security Affairs

JULY 23, 2024

Threat actors abused swap files in compromised Magento websites to hide credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information.

Cleanup 334

Cleanup CMS File names Analytics 334