Year: 2018

FilesLocker Ransomware Appears on Chinese Underground Forums

Delaware, USA – October 26, 2018 — Another entrant has joined the list of Ransomware-as-a-Service platforms. FilesLocker Ransomware is being marketed through Chinese underground forums hidden in the Tor network. The authors offer the malware for free, but every affiliate who spreads FilesLocker must infect at least ten victims every day and return to the developers […]

Magecart Operators Poison Magento Extensions

Delaware, USA – October 25, 2018 — About 20 Magento extensions are already known to be vulnerable to attacks by the cybercriminal groups behind the Magecart operation. Security researcher Willem de Groot, who has long been following Magecart activity, identified sixteen of the extensions and asked the public for help identifying the others. The […]

SandboxEscaper Publishes New Zero-Day Exploit

Delaware, USA – October 24, 2018 — A security researcher known by the nickname SandboxEscaper published on GitHub a proof-of-concept exploit for the second zero-day vulnerability they discovered, and announced it via their Twitter account. The new exploit enables privilege escalation through the Microsoft Data Sharing service (dssvc.dll) and allows an attacker to delete critical system files. […]

DarkPulsar Used in Attacks on Aerospace and Nuclear Industry

Delaware, USA – October 23, 2018 — Last year, the Shadow Brokers group stole a number of hacking tools and exploits from the Equation Group, which is associated with the NSA, and some of them were disclosed to the public. The most serious and noticeable consequences came from the publication of the EternalBlue exploit and the subsequent […]

Asian Countries Attacked by Datper Malware

Delaware, USA – October 19, 2018 — The Bronze Butler group (aka RedBaldKnight) continues to use Datper malware in attacks in the East Asia region. Bronze Butler has been active since 2016 and is presumably located in the People’s Republic of China; the primary targets of its attacks are located in South Korea and Japan. Attackers […]

GreyEnergy APT Group Targets Industrial Networks

Delaware, USA – October 18, 2018 — The GreyEnergy APT group conducts cyber espionage and reconnaissance operations, preparing the ground for further destructive attacks. Researchers from ESET believe that the group emerged when BlackEnergy split into two groups with different tasks: GreyEnergy and TeleBots. The APT group uses its own malware framework, […]

Cybercriminals Use New Trick to Bypass Antivirus Solutions

Delaware, USA – October 17, 2018 — Researchers at Cisco Talos discovered several campaigns that use a new trick to infect victims with infostealers. Attackers distribute the Loki, Agent Tesla and Gamarue malware families, which can steal passwords from popular programs, take screenshots, record video from a webcam and download additional payloads. Researchers associate these campaigns with […]

APT Framework 2.0 for ArcSight is Released

Delaware, USA – October 16, 2018 — APT Framework 2.0 for ArcSight is available in the Threat Detection Marketplace. Predicting the shape of the threat landscape is a lot like meteorology: even though the data may point to sunny skies, we aren’t too surprised when a storm rolls through instead. Similarly, the threat landscape has sudden […]

Sigma Rules Guide for ArcSight

Introduction to Sigma

Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is for log files what Snort is for IDS and what YARA is for file-based malware detection. However, unlike Snort and […]

Iceland Suffers Largest Cyber Attack

Delaware, USA – October 15, 2018 — Unidentified cybercriminals carried out the largest cyber attack in the history of Iceland, infecting users with the Remcos remote access tool and gaining access to their banking accounts. On October 6, adversaries started sending phishing emails containing a link to a spoofed version of the Icelandic police website and […]
