Year: 2018

Ongoing APT Campaign of MuddyWater Group

Delaware, USA – October 12, 2018 — The MuddyWater APT group appeared last year, and its first cyber espionage campaigns were conducted against government organizations in Iraq and Saudi Arabia. Now a number of other countries in the Middle East and Europe are in its field of interest. The group conducts a large number of […]

Gallmaker APT Group Attacks Government and Military Targets

Delaware, USA – October 11, 2018 — The newly discovered APT group Gallmaker has been active at least since last December and is aimed at government, military and defense targets in the Middle East and Eastern Europe. The group does not use malware during its attacks. Instead, they are perfect at using living off […]

Magecart Operators Compromise Shopper Approved Plugin

Delaware, USA – October 10, 2018 — In mid-September, one of the groups behind the Magecart card-skimming campaign compromised the Shopper Approved plug-in and injected malicious code into it. RiskIQ researchers believe that at least six cybercriminal groups are involved in the campaign, and that the same group that attacked Ticketmaster in July of this […]

Major Changes in Emotet Malware

Delaware, USA – October 9, 2018 — Security researcher Vishal Thakur dissected the newest version of the Emotet downloader and discovered several new features that make the malware even stealthier and more effective. The attackers used a different obfuscation pattern to complicate detection, and the downloader now drops Powershell.exe into the Temp folder and then executes it. Also, the new version […]

IQY Files are Used to Spread FlawedAmmyy RAT

Delaware, USA – October 8, 2018 — Adversaries are constantly looking for new ways to infect a victim’s system, and now the Excel Web Query (IQY) file has attracted their attention: it has been used in recent campaigns to spread the FlawedAmmyy RAT. Last month, attackers distributed the multi-platform Adwind malware via malicious Excel documents with .CSV […]

Kraken Cryptor Ransomware is Distributed via Exploit Kit

Delaware, USA – October 5, 2018 — The adversaries behind the Fallout exploit kit have started distributing the latest version of the Kraken Cryptor ransomware. Before that, they used the exploit kit for about two weeks to infect their victims with GandCrab ransomware. Kraken Cryptor, like GandCrab, is offered as Ransomware-as-a-Service, so adversaries can easily switch from […]

FASTCash: New Campaign of Lazarus Group

Delaware, USA – October 4, 2018 — US-CERT, the US Department of Homeland Security, the US Department of the Treasury and the FBI have published a joint report on a new scheme for stealing money from ATMs. One of the divisions of the infamous Lazarus group uses the FASTCash tactics in attacks on banks worldwide. The […]

Danabot Banking Trojan Switched to the United States

Delaware, USA – October 3, 2018 — Researchers from Proofpoint discovered the first campaign distributing DanaBot malware that targets banks in the United States. The DanaBot banking Trojan was first discovered 5 months ago, when it attacked only Australian banks. Soon, this malware was adopted by cybercriminals attacking banks in Europe, and one of […]

Sigma UI Plugin for Kibana is Released

Delaware, USA – October 2, 2018 — The Sigma UI plugin for Kibana is available in Threat Detection Marketplace. It is a free open-source application based on the Elastic stack and the Sigma converter (sigmac). It simplifies the development, use and sharing of Sigma rules, a generic rule format for SIEM systems. It is now possible to write, update […]

Fancy Bear Uses LoJax UEFI Rootkit in Highly Targeted Attacks

Delaware, USA – September 28, 2018 — In May, Arbor Networks discovered modified LoJack applications that communicated with command & control servers used by Fancy Bear in previous campaigns. Yesterday at the Microsoft BlueHat conference, researchers from ESET presented a report on the LoJax UEFI rootkit developed by the APT group. This first detected malware of […]
