Security Affairs

FEBRUARY 23, 2023

Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team. “An

Honeypots 89

Honeypots File names Cybersecurity Security 89

Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.

File names 121

File names Archiving Compliance IT 121

eSecurity Planet

MAY 24, 2023

By implementing DKIM, an organization improves the reputation of its own emails and enables receiving email servers to improve their own email security. Basic DKIM DNS Record Structure The DKIM DNS record is very simple and conveys information both through the content of the record as well as the file name.

Encryption 78

Encryption Security Authentication File names 78

Security Affairs

MARCH 18, 2024

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.

File names 123

File names IT Security 123

Security Affairs

JUNE 29, 2023

Fortinet started investigating the threat after the discovery of an archive file with a file name in Russian, “Табель учета рабочего времени.zip” (“time sheet” in English). The zip archive contains two files with.exe extension preceded by another document-related extension (double extension). ” concludes the report.

File names 82

File names Archiving IT Security 82

Security Affairs

SEPTEMBER 10, 2023

. “When receiving a message, uploadTextMessageToService collects its contents, chat/channel title and ID, as well as sender’s name and ID. The collected information is then encrypted and cached into a temporary file named tgsync.s3. The app sends this temporary file to the command server at certain intervals.”

File names 124

File names Personal data Encryption Security 124

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. ” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise.

File names 91

File names Risk Passwords Security 91

AIIM

JULY 8, 2021

Don’t, however, lose sight of the fact that information scattered across a dispersed workforce can significantly raise the risk of a data breach or other security concerns. At Gimmal, we regularly talk to IT, security, and privacy professionals across a broad portfolio of industries. Applying retention rules (i.e.,

File names 200

File names Data breaches Risk Privacy 200

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5) Pierluigi Paganini.

Ransomware 124

Ransomware File names Encryption Passwords 124

Security Affairs

MARCH 26, 2021

The researchers shared a detailed analysis on Security Affairs , they explained that once the malware has infected a Windows machine, it overwrites the existing Master Boot Record, with a custom MBR and encrypts the hard drive using the DiskCryptor tool. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware 144

Ransomware Encryption File names Passwords 144

Security Affairs

JUNE 19, 2023

The function writes some C code received from the C2 to a temporary file named tmp.c, that is later compiled to a file named /tmp/.ICE-unix/git After compilation, the file is executed in background with two parameters, also received from C2.” ICE-unix/git using the cc command on Fedora and gcc on Debian.

File names 97

File names Archiving IT Security 97

IT Governance

NOVEMBER 17, 2022

The organisation’s share price plummeted by almost 19% following the data breach, and despite its claims that it has done the right thing, new details continue to emerge that cast doubt on Medibank’s cyber security practices. Things got worse for Medibank after a second database was leaked , containing a file named “abortions”.

IT 107

IT Ransomware Security Data breaches 107

Security Affairs

AUGUST 23, 2023

EsafeNet is owned by Chinese information security firm NSFOCUS. This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. It decompresses and executes a file named content.dll.

File names 76

File names Encryption Archiving Information Security 76

Security Affairs

DECEMBER 6, 2023

However, if the iPhone was previously compromised, the security feature cannot block the malware from running in the background, whether the user activates Lockdown Mode or not Upon turning on the feature in the Settings app, the method -[PUILockdownModeController setLockdownModeGloballyEnabled:] is triggered.

File names 110

File names IT Security Access 110

Security Affairs

FEBRUARY 29, 2024

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The campaign is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed by the threat actors.

Archiving 103

Archiving File names IT Information Security 103

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. Pierluigi Paganini.

Ransomware 118

Ransomware File names Archiving Encryption 118

Security Affairs

APRIL 9, 2023

The flaw was reported by the security researcher Seongil Wi from South Korean security firm KAIST WSP Lab. ” Wi also published two proof-of-concept (PoC) exploits for this vulnerability that can be used to escape the sandbox to create an empty file named “flag” on the host. .”

Libraries 69

Libraries File names Education Cybersecurity 69

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.

Military 115

Military Phishing File names Archiving 115

Security Affairs

APRIL 2, 2020

SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names 111

File names Access IT Security 111

Security Affairs

AUGUST 28, 2023

watchTowr Labs security researchers published a proof-of-concept exploit (PoC) exploit code for vulnerabilities in Juniper SRX firewalls. watchTowr Labs security researchers exploited a pre-authentication upload vulnerability (CVE-2023-36846) to upload an arbitrary PHP file to a restricted directory with a randomised file name.

File names 87

File names Authentication Security Access 87

Security Affairs

SEPTEMBER 2, 2022

Also, a list of all the encrypted files gets stored in a file named wrkman.log.0. The Uptycs Threat Research team is continuously monitoring related malware campaigns to safeguard customers and inform the broader security community. Figure 4: Inside the start_routine. Conclusion. Pierluigi Paganini.

Ransomware 143

Ransomware Encryption File names IT 143

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. The first variant of the backdoor that was detected in November 2023 was likely a test version that did not support a persistence mechanism. “We identified multiple variants of the embedded Apple script, but all of them are meant for data exfiltration.”

Ransomware 121

Ransomware File names Passwords IT 121

Security Affairs

FEBRUARY 16, 2024

Turla operators used the scripts to exfiltrate keys used to secure the password databases of popular password management software. killme” : Create a BAT file (see below) with a name based on the current tick count. The cybersecurity firm identified three different TinyTurla-NG samples, and gained access to two of them.

CMS 106

CMS File names Passwords Access 106

Security Affairs

AUGUST 18, 2023

The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors. “The [HUI] loader is executed through sideloading by legitimate executables vulnerable to DLL hijacking and stages a payload stored in an encrypted file.”

Archiving 90

Archiving File names Encryption Passwords 90

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 80

File names Archiving Passwords Communications 80

Security Affairs

OCTOBER 22, 2023

.” A Vietnamese group observed by the researchers used very similar lures and delivery methods in different attacks attempting to deliver: DarkGate Ducktail Lobshot Redline stealer The attack chain began with the download of a file named “Salary and new products.8.4.zip” zip” and the execution of the content.

File names 107

File names Archiving IT Access 107

Security Affairs

MARCH 19, 2022

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. This file must be roughly 20KB or larger in size. ” reads the guide for the decryptor.

Ransomware 87

Ransomware File names Encryption Cybersecurity 87

Security Affairs

JULY 24, 2021

Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) discovered an Olympics-themed malware that implements wiping capabilities, The Record reported. ” reads the report published by the security firm. ” reads the report published by the security firm. Pierluigi Paganini.

File names 142

File names Access Security IT 142

Security Affairs

MARCH 31, 2023

Threat actors are actively exploiting a high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. 193.169.195.64 194.135.30.6

File names 97

File names Authentication Education Access 97

Schneier on Security

MAY 4, 2022

The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.

IoT 104

IoT File names Encryption Access 104

Security Affairs

FEBRUARY 17, 2022

Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts attach malicious executables to chat and infect participants in the conversation. “Compounding this problem is the fact that default Teams protections are lacking, as scanning for malicious links and files is limited.

File names 142

File names Phishing Data breaches Access 142

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. “The Dexphot attack used a variety of sophisticated methods to evade security solutions. Doxphot stands out for its evasion techniques and its level of sophistication.

File names 121

File names Encryption Mining Security 121

Security Affairs

MARCH 17, 2024

All unique passwords are stored in a file named “brute.txt”. In the file “password.txt” we discovered a big RISEPRO banner and the link to the public Telegram channel. RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system.

Passwords 107

Passwords File names Archiving Cybersecurity 107

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the security advisory published by Sony.

File names 90

File names IoT Security IT 90

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. The post Night Sky, a new ransomware operation in the threat landscape appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware 127

Ransomware Encryption File names Communications 127

Security Affairs

FEBRUARY 3, 2023

The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk” lnk” (“Request of the Security Service of Ukraine 12-1-125 dated 09.01.2023.lnk”). shop/09.01_otck/quicker[.]rtf.

File names 88

File names Archiving Phishing Government 88

Security Affairs

AUGUST 30, 2023

This week, watchTowr Labs security researchers published a proof-of-concept exploit (PoC) exploit code for vulnerabilities in Juniper SRX firewalls. watchTowr Labs security researchers exploited a pre-authentication upload vulnerability (CVE-2023-36846) to upload an arbitrary PHP file to a restricted directory with a randomised file name.

File names 106

File names Authentication Security Access 106