Year: 2018

Dark Tequila Malware Operates Since 2013

Delaware, USA – August 22, 2018 – Dark Tequila is a sophisticated modular banking malware targeted at users in Mexico that remained undetected for about five years. Researchers from Kaspersky Lab discovered and analyzed the ongoing malicious campaign. Dark Tequila is designed to steal financial information and credentials for online banking and popular websites including […]

Ryuk Ransomware Campaign Targets Enterprises Worldwide

Delaware, USA – August 21, 2018 – Researchers from Checkpoint analyzed an ongoing ransomware campaign targeting enterprises worldwide. During the campaign, attackers infect the critical infrastructure of large companies with the Ryuk ransomware and demand a significant ransom in bitcoin. So far, three affected companies are known to have paid the ransom […]

Darkhotel Group Uses Zero-Day in Recent Campaign

Delaware, USA – August 20, 2018 – Last week experts from Trend Micro published details of the exploitation of the zero-day vulnerability CVE-2018-8373, which was fixed as part of the August Patch Tuesday release. This vulnerability in the VBScript engine allows attackers to execute arbitrary code on the victim’s system. On July 11, researchers discovered the first attacks using […]

The Theory and Reality of SIEM ROI

Many things are written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old and SIEM is by all means a mature market. Together with clients, team and partners I was privileged to actively participate in more than a hundred of […]

Hackers Steal $13.4 Million from Cosmos Bank

Delaware, USA – August 16, 2018 – Last weekend, unknown adversaries withdrew 940 million rupees (more than $13 million) from the Indian bank Cosmos in three stages. The investigation of the incident continues, and the bank reports that funds in clients’ accounts were not affected. The first stage of the attack on Cosmos Bank […]

Microsoft Patches Two Zero-Days in Windows

Delaware, USA – August 15, 2018 – Yesterday Microsoft released security updates patching 60 vulnerabilities in its products, among them two zero-days actively exploited in the wild. The security flaw in the Internet Explorer scripting engine (CVE-2018-8373) allows attackers to execute code remotely. Attackers can exploit CVE-2018-8373 both when users visit a malicious […]

D-Link Routers Redirect Users to Malicious Websites

Delaware, USA – August 14, 2018 – Hackers compromise D-Link DSL routers in Brazil and change their DNS settings so that devices connect to attacker-controlled DNS servers. This scheme allows attackers to redirect targeted users to phishing websites that are practically indistinguishable from the real ones. The only visible difference is that the browser marks the pages as insecure, so […]

DarkHydrus Prepares to Attack Government Entities in the Middle East

Delaware, USA – August 10, 2018 – One more hacker group targets government organizations in the Middle East. Palo Alto Networks Unit42 revealed one of DarkHydrus’s campaigns and traced the group’s activity back to 2016. DarkHydrus leverages spear-phishing attacks using documents created with the open-source Phishery tool. Such documents allow them to steal user credentials and […]

Gorgon Group Uses Wide Variety of Trojans in Their Campaigns

Delaware, USA – August 9, 2018 – Experts from Palo Alto Networks discovered a new Pakistani threat actor, which they called the Gorgon Group. The group has been active since February 2018, but the activities of its members were traced back to 2016. Gorgon Group conducts both criminal attacks and targeted attacks using the same infrastructure. […]

Over 200,000 MikroTik Routers Inject CoinHive Script in Users’ Web Traffic

Delaware, USA – August 3, 2018 – This week in Brazil, an unknown attacker started a massive cryptojacking campaign targeting MikroTik routers, which quickly spread around the world. The attacker exploits a zero-day vulnerability in MikroTik routers, patched this April, to inject the Coinhive cryptocurrency mining script into web pages visited by users. The attacker knows these routers well […]
