Month: August 2019

BalkanDoor and BalkanRAT are Used in Financially-Motivated Campaign

Delaware, USA – August 15, 2019 – The campaign aimed at financial institutions in the Balkans started back in 2016 and continues to this day. Attackers improve the primary tools used and experiment with malware delivery methods. ESET experts linked the use of BalkanDoor and BalkanRAT to a single campaign and published detailed malware analysis […]

Cloud Atlas APT Uses Polymorphic Components to Avoid IOCs-based Detection

Delaware, USA – August 14, 2019 – Active since 2012, cyber espionage group Cloud Atlas has added new malware to its arsenal and expanded its area of activity. Adversaries do not change their Tactics, Techniques, and Procedures since they already allow them to successfully conduct cyber-espionage operations. Since the beginning of the year, the APT […]

40+ Drivers Make All Modern Versions of Windows Vulnerable to Privilege Escalation Attacks

Delaware, USA – August 12, 2019 – Researchers found vulnerable kernel-mode drivers developed for the hardware of at least 20 vendors including NVIDIA, AMD, and Realtek. At the DEF CON conference, Eclypsium researchers presented their findings: over forty 64-bit kernel drivers, which are signed by Microsoft and can be used to bypass and disable Windows […]

New Version of Ursnif Trojan in Ongoing Campaign

Delaware, USA – August 9, 2019 – Ursnif is one of the most widespread banking trojans. It appeared about 12 years ago and gained exceptional popularity after its source code was leaked in 2014, and since then various modifications of Ursnif have been used worldwide to steal passwords and banking information. A new ongoing campaign […]

LokiBot uses Steganography to Hide Code

Delaware, USA – August 8, 2019 – This is not the first attempt by LokiBot authors to use steganography, a technique that APT groups periodically use to deliver malware. Previously, attackers appended an archived malware payload to a PNG file, from where it was run using wscript. In a recent campaign discovered by Trend Micro researchers, LokiBot […]

Fancy Bear Compromises Organizations via IoT Devices

Delaware, USA – August 7, 2019 – The Russian state-sponsored threat actor continues to be interested in IoT devices and abuses them to infiltrate corporate networks. The Microsoft Security Response Center has published an article revealing details of recent activity of the Fancy Bear group (aka APT28, Sofacy, and Strontium). In April, Microsoft discovered attempts […]

Continuous Compliance as a Code P1: Sigma

Compliance has always been a sort of reactive process, since standards are long, take tons of effort and a while to update, and even more time to implement, and the audit process happens once a year. Coming from the SIEM world, I was dealing with compliance through a prism of canned reports which usually return empty […]

MegaCortex Ransomware Makes the Next Step to Mass Attacks

Delaware, USA – August 6, 2019 – MegaCortex ransomware is rapidly evolving, reducing the number of manual operations to a minimum. A couple of weeks ago, the first significant step was taken to simplify the infection process when malware authors compiled the files necessary for infection into a single signed executable. The new version of […]

LookBack Trojan Hunts the US Utility Firms

Delaware, USA – August 5, 2019 – The new malware was used in a spear-phishing campaign targeted at US companies in the utility sector. Proofpoint researchers discovered the attacks in late June; all the emails were masked as notifications from the ‘US National Council of Examiners for Engineering and Surveying’ and contained failed examination alerts sent […]

Hexane Group Compromises ICT-Related Entities

Delaware, USA – August 1, 2019 – The Hexane group has been active since the middle of last year, and as tensions in the Middle East increase, the group conducts more and more attacks targeting telecommunications companies and organizations in the oil and gas industry. The group was discovered by cybersecurity company Dragos Inc., which […]
