Year: 2018

JungleSec Ransomware Infects Linux Servers through IPMI Cards

Delaware, USA ā€“ December 28, 2018 ā€“ Adversaries have found a new way to infect servers through unsecured Intelligent Platform Management Interface cards. JungleSec ransomware appeared almost two months ago, cybercriminals use it to encrypt files on systems running Linux, MacOS and Windows, and Mac demanding a ransom of 0.3 bitcoin, but many users who […]

Read More
Updated Smoke Loader Malware Spreads via Phishing Emails

Delaware, USA ā€“ December 27, 2018 ā€“ When the cybersecurity community is studying reports and making plans for the upcoming year, the criminals are still improving their weapons. The recently published investigation reveals the details of the malware attack which used a top-level domain registered by cybercriminals as a command and control server. Bulk mailing […]

Read More
One More Windows Zero-Day PoC Exploit Disclosed by SandboxEscaper

Delaware, USA ā€“ December 21, 2018 ā€“ New exploit allows reading data from specific locations with system level access. SandboxEscaper publishes the third exploit in the last few months, previous exploits were quickly weaponized by cybercriminals and actively used even after Microsoft released security updates. The first exploit led to a local privilege escalation enabling […]

Read More
APT33 Attacks Organizations Using Shamoon and Filerase Wipers

Delaware, USA ā€“ December 20, 2018 ā€“ The investigation of recent attacks on the oil and gas industry in the Middle East revealed that the Iranian group APT33 is behind this operation. The attackers have been preparing for the campaign for at least several months, collecting credentials of companies employees using phishing sites with job […]

Read More
Fancy Bear Creates New Variant of Zebrocy Malware

Delaware, USA ā€“ December 19, 2018 ā€“ This month, researchers from Palo Alto discovered a new version of Zebrocy malware written using the Go programming language. It was used in a cyber-espionage campaign, which experts associate with attacks of the Fancy Bear group (aka APT28) targeted government organizations in North America and Europe. The first […]

Read More
L0rdix Malware Available on DarkNet Forums

Delaware, USA ā€“ December 18, 2018 ā€“ Multifunctional malware for Windows, discovered last month, is actively advertised on underground forums and is available to anyone for as little as $60. For the first time, L0rdix was spotted by Ben Hunter, the security researcher from enSilo. He analyzed several samples and reported that its authors continue […]

Read More
New Trojan Receives Instructions via Twitter

Delaware, USA ā€“ December 17, 2018 ā€“ Adversaries use steganography to hide commands in malicious memes posted on Twitter. Researchers from TrendMicro discovered a new malware strain that downloads images from a specific Twitter account to extract the command that starts with the ā€˜/ā€™ character. The trojan is capable of making screenshots, retrieving username and […]

Read More
Shamoon Malware Attacks Saipem’s Network

Delaware, USA ā€“ December 14, 2018 ā€“ The details on the cyber attack targeted Saipem, which happened last weekend, have become known. The data-wiping attack on the Italian oil and gas company mainly affected servers in the Middle East, but it also made inoperative assets in Italy, India and Scotland. Undefined cybercriminals used a new […]

Read More
24 Countries Targeted by Operation Sharpshooter

Delaware, USA ā€“ December 13, 2018 ā€“ ‘Operation Sharpshooter’ cyber espionage campaign has been active for two months targeting at least 87 organizations in 24 countries. It is still unknown who is the threat actor behind this campaign. Attackers use techniques, tactics and procedures of the Lazarus group, but researchers from McAfee assume that all […]

Read More
Novidade Exploit Kit Targets Home and Small Office Routers

Delaware, USA ā€“ December 12, 2018 ā€“ A newly discovered Novidade exploit kit attacks home and SOHO routers compromising endpoints and mobile devices connected to them. Researchers from Trend Micro described in the blog post that the exploit kit uses cross-site request forgery to change DNS settings allowing adversaries to conduct a pharming attack redirecting […]

Read More