Month: August 2018

Attackers Exploit CVE-2018-11776 in Apache Struts to Infect Servers with Coinminers

Delaware, USA – August 30, 2018 – Last week, several PoC exploits were published for the recently patched vulnerability in Apache Struts (CVE-2018-11776), as well as a Python script that simplifies the attack. The vulnerability allows remote code execution on servers running framework versions from 2.3 to 2.3.34 and from 2.5 […]

PoC of Zero-Day Vulnerability is Published on GitHub

Delaware, USA – August 28, 2018 – A researcher using the pseudonym SandboxEscaper published on GitHub a proof-of-concept (PoC) for a new zero-day vulnerability in the Microsoft Windows Task Scheduler. Exploiting this vulnerability leads to local privilege escalation and allows a local user to gain SYSTEM privileges. Will Dormann from CERT/CC confirmed the […]

BackSwap Trojan Targets Banks in Spain

Delaware, USA – August 27, 2018 – The BackSwap banking trojan has switched to targeting Spanish financial organizations. Researchers from ESET discovered this threat in March and have now published a report sharing the results of their continued monitoring of the trojan. Until recently, BackSwap operators targeted only banks in Poland, but now the trojan is configured […]

MacOS Malware Used in Operation AppleJeus

Delaware, USA – August 24, 2018 – It has become known that the Lazarus group has started using macOS malware in its campaigns. Earlier this week, researchers revealed details of a DarkHotel group operation and of the Ryuk ransomware campaign, and now researchers from Kaspersky Lab have reported on an attack by the North Korean APT group on […]

Turla APT Uses Outlook Backdoor in Cyberespionage Operations

Delaware, USA – August 23, 2018 – The Turla APT group created a unique Outlook backdoor and used it to spy on at least two European governments' foreign offices and one defense contractor. The group has been operating since 2008, using the Gazer backdoor in cyberespionage campaigns targeting government and diplomatic bodies in Europe, Asia and South America. […]

Dark Tequila Malware Operates Since 2013

Delaware, USA – August 22, 2018 – Dark Tequila is sophisticated modular banking malware targeting users in Mexico that remained undetected for about five years. Researchers from Kaspersky Lab discovered and analyzed the ongoing malicious campaign. Dark Tequila is designed to steal financial information and credentials for online banking and popular websites, including […]

Ryuk Ransomware Campaign Targets Enterprises Worldwide

Delaware, USA – August 21, 2018 – Researchers from Check Point analyzed an ongoing ransomware campaign targeting enterprises worldwide. During the campaign, attackers infect the critical infrastructure of large companies with the Ryuk ransomware and demand a significant ransom in bitcoin. So far, three affected companies are known to have paid the ransom […]

Darkhotel Group Uses Zero-Day in Recent Campaign

Delaware, USA – August 20, 2018 – Last week, experts from Trend Micro published details of the exploitation of the zero-day vulnerability CVE-2018-8373, which was fixed as part of the August Patch Tuesday. This vulnerability in the VBScript engine allows attackers to execute arbitrary code on the victim's system. On July 11, researchers discovered the first attacks using […]

The Theory and Reality of SIEM ROI

Many things have been written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old, and SIEM is by all means a mature market. Together with clients, my team and partners, I was privileged to actively participate in more than a hundred of […]

Hackers Steal $13.4 Million from Cosmos Bank

Delaware, USA – August 16, 2018 – Last weekend, unknown adversaries withdrew 940 million rupees (more than $13 million) from India's Cosmos Bank in three stages. The investigation of the incident continues, and the bank reports that funds in clients' accounts were not affected. The first stage of the attack on Cosmos Bank […]
