Month: May 2019

Diplomatic Entities in Europe are Struck by Turla APT

Delaware, USA – May 31, 2019 – Turla APT attacks diplomats in Eastern Europe using new PowerShell loaders. ESET analyzed the detected malware samples and published a report on a new series of attacks. In its cyber espionage campaigns, the group uses custom sophisticated malware such as the newly discovered LightNeuron backdoor for Microsoft Exchange […]

Chinese Hackers Infect 700+ Servers per Day in Nansh0u Campaign

Delaware, USA – May 30, 2019 – More than 50 thousand Windows MS-SQL and PHPMyAdmin servers were infected with cryptocurrency mining malware during the Nansh0u campaign. Guardicore Labs’ experts discovered the malicious campaign in early April and traced its beginning to February 26th. During the investigation, the experts discovered 20 variants of malicious payloads, the […]

Roughly 950,000 Systems are Still Vulnerable to BlueKeep

Delaware, USA – May 29, 2019 – Robert Graham from Errata Security published research that clarified the number of systems vulnerable to CVE-2019-0708 (aka BlueKeep). Although two weeks have passed since the update was released, and all media resources are literally screaming about the danger of this vulnerability, about 950,000 unpatched systems with […]

APT10 Targets Southeast Asia with Two New Loaders

Delaware, USA – May 28, 2019 – The Chinese hacker group APT10 (also known as Stone Panda) started using new loaders during a cyber espionage campaign in Southeast Asia. The campaign was discovered at the end of last month by security researchers from enSilo; with the help of the new malware, adversaries deliver modified tools used by […]

First Scans for Systems Vulnerable to BlueKeep

Delaware, USA – May 27, 2019 – Cybersecurity company GreyNoise Intelligence detected scans for systems vulnerable to the CVE-2019-0708 flaw, also known as BlueKeep. Researchers spotted sweeping tests from several dozen hosts around the Internet. All of them are Tor exit nodes, and it seems that a single threat actor is conducting reconnaissance in preparation for an attack. […]

JasperLoader Malware Focuses on Italian Targets

Delaware, USA – May 24, 2019 – One of the relatively new malware downloaders was significantly improved by its authors after the publication of its analysis on the Cisco Talos blog. In April, mass distribution of JasperLoader via a spam campaign targeting Europeans was recorded. Adversaries leveraged it to deliver the Gootkit banking Trojan, […]

SeedWorm Uses New Anti-Detection Techniques in BlackWater Campaign

Delaware, USA – May 23, 2019 – The infamous SeedWorm hacking group (also known as MuddyWater APT) expanded its Tactics, Techniques, and Procedures and started using new methods to collect data on infected systems while bypassing security solutions. The APT group operates primarily in the Middle East, but recently it has also targeted organizations in Europe and North […]

SandboxEscaper Released New Zero-Day Exploit for Windows 10

Delaware, USA – May 22, 2019 – While we are all preparing to counter attacks that exploit the CVE-2019-0708 vulnerability, the infamous exploit developer SandboxEscaper has published her new findings on GitHub. A new exploit for a Task Scheduler vulnerability allows elevating the privileges of a limited user account up to admin access. The available code can be used […]

Researchers Actively Develop BlueKeep POC Exploits

Delaware, USA – May 21, 2019 – Last week, Microsoft released a patch for the critical vulnerability (CVE-2019-0708, aka BlueKeep) in Remote Desktop Services, which allows adversaries to connect to a target system via RDP and gain full access without authentication. This vulnerability affects older versions of the operating system: Windows XP, Vista, Windows […]

Winnti Group Uses Backdoor for Linux

Delaware, USA – May 20, 2019 – Researchers from Chronicle, Alphabet’s cyber-security division, discovered and analyzed the Linux version of a tool used by the Chinese state-sponsored group. The Winnti group has attracted a lot of media attention in recent months, thanks to the report on the unsuccessful attack on the German drugmaker Bayer and […]