U.S. Cyber Command shares new samples of suspected Iranian hacking software

U.S. Cyber Command posted more than a dozen malware samples to a public repository Wednesday, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers. The samples, posted to VirusTotal early Wednesday afternoon, represent various “open-source tools Iranian intelligence actors are using in networks around the world,” the military agency said in a statement. It’s Cyber Command’s first VirusTotal upload in nine months, according to the agency’s page on the site. Referring to the actors as “MuddyWater” — the moniker applied to some suspected Iranian government hacking activities dating back to at least 2015 — Cyber Command’s Cyber National Mission Force shared the samples “to better enable defense” against the attackers. Wednesday’s statement refers to MuddyWater as “a subordinate element” within the Iranian Ministry of Intelligence and Security (MOIS), an arm of the security apparatus focused on […]

The post U.S. Cyber Command shares new samples of suspected Iranian hacking software appeared first on CyberScoop.


Analysis of 80 million ransomware samples reveals a world under attack

VirusTotal’s first Ransomware Activity Report reveals that it received ransomware submissions from 140 different countries around the world, and discovered at least 130 different ransomware families had been active since January 2020.

Read more in m…

Adventures in Contacting the Russian FSB

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to contact them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware.

The reason I contacted the FSB — one of the successor agencies to the Russian KGB — ironically enough had to do with security concerns raised about the FSB’s own preferred method of being contacted.

Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing

An ex-U.S. ambassador to Russia, anti-corruption activists in Ukraine and election observers in other parts of Eastern Europe were among the apparent targets of a suspected Russian state-sponsored hacking effort, according to data linked to the spying operation that a researcher shared with CyberScoop. The list offers classic examples of organizations that Russian spies might want to infiltrate, including those working to expose graft, combat disinformation and promote secure elections. It also points to the persistent threats that small nonprofits face from well-resourced hackers, as well as the long-running alleged Russian efforts to undermine democratic institutions. Microsoft on May 27 said hackers had used a breached account belonging to the U.S. Agency for International Development, a U.S. government agency, to send phishing emails to some 3,000 email accounts at 150 organizations in 24 countries (U.S. officials estimated an even broader set of targets: 7,000 accounts and 350 organizations). Microsoft blamed […]

The post Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing appeared first on CyberScoop.


CrowdStrike Deepens Security Ties with Google

CrowdStrike has extended its relationship with Google Cloud to make it possible to bi-directionally share telemetry and data between CrowdStrike Falcon cloud service for protecting endpoints and security offerings from Google such as Chronicle, VirusT…

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.

CISA and DoD Warn of Sophisticated Threat Actor Wielding New SlothfulMedia Malware

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have revealed that new malware dubbed SlothfulMedia is currently used by a sophisticated threat actor. The two agenci…

Mac, Linux Users Now Targeted by FinSpy Variants

FinSpy has returned in new campaigns targeting dissident organizations in Egypt – and researchers uncovered new samples of the spyware targeting macOS and Linux users.