Year: 2019

Three-Month-Old Roboto Botnet Targets Linux Webmin Servers

Delaware, USA – November 21, 2019 – A new peer-to-peer botnet exploits the recently patched vulnerability in the Webmin web-based system administration tool to infect Linux servers. CVE-2019-15107 was patched in August this year, and just a few days later adversaries began to exploit this vulnerability; among the ‘attackers’ was the Roboto botnet, spotted by researchers at 360 […]

Short-Cutting the Threat Hunting Process

Why Short-Cut The Threat Hunting Process? As with any security operations endeavor, we want to balance efficacy and efficiency to produce the best results with the smallest amount of resources. Unfortunately, Threat Hunting is often seen as a ‘luxury’, reserved only for the most advanced sec-ops teams with ample budgets to fund expert resources and […]

Phoenix Malware Evolves from Keylogger to Infostealer

Delaware, USA – November 20, 2019 – Phoenix keylogger, which appeared this summer and is actively promoted on hacker forums, has in four months turned into a full-fledged infostealer with powerful anti-detection and anti-analysis modules. Cybereason researchers traced this malware to its predecessor, Alfa keylogger, which disappeared a few months before Phoenix emerged. […]

Louisiana State Government Systems Attacked by Ransomware

Delaware, USA – November 19, 2019 – After a break, the cybercriminals resumed attacks on government systems in the United States. This time, the adversaries set their sights on Louisiana state government systems immediately after Governor John Bel Edwards was re-elected for a second term. The attack occurred on Monday, around 11 a.m., and at […]

New Dropper Infects Victims with Revenge RAT and WSHRAT

Delaware, USA – November 18, 2019 – New malware with low detection rates installs two remote access trojans on victim machines. The dropper was detected and analyzed by the Fortinet team; at the time of publication of the report, the malware was detected by only 8 antivirus engines. The original JavaScript code decodes VBScript obfuscated with […]

TA2101 is Experimenting with Various Malware in Campaigns Targeting the US and Europe

Delaware, USA – November 15, 2019 – A relatively new threat actor sends spam emails disguised as notifications from government agencies to infect victims with penetration testing frameworks, ransomware, and banking trojans. Proofpoint researchers found that the attackers carried out their first campaign only a month ago; its main targets were IT services companies in […]

APT33 Utilizes Own VPN Network

Delaware, USA – November 14, 2019 – One of the most sophisticated Iranian APT groups uses its own VPN network to conduct reconnaissance and connect to its command-and-control infrastructure. In theory, this should have made detection and attribution of the attacks much more difficult, but in practice, Trend Micro researchers could track the exit nodes and […]

TA505 Group is Aiming at System Integrator Companies in Europe

Delaware, USA – November 13, 2019 – The infamous TA505 group, which is behind the Dridex trojan and GlobeImposter ransomware, is interested in system integrator companies. The threat was discovered and analyzed by Marco Ramilli, founder & CEO at Yoroi. After discovering one of the malicious emails, he tracked it to the validtree[.]com domain and determined […]

Popular ASP.NET Hosting Provider Recovers After Ransomware Attack

Delaware, USA – November 11, 2019 – On Saturday, cybercriminals attacked SmarterASP.NET, a US hosting provider with 440,000+ customers, and encrypted customer data and the company's systems. The SmarterASP.NET site was unavailable for about a day, the phone line was down, and customers reported their websites going down. This ransomware strain added the .kjhbx extension […]

Platinum APT Spreads Titanium Backdoor in the APAC Region

Delaware, USA – November 8, 2019 – Active for ten years, the stealthy APT group has launched a new campaign targeted at government organizations in South and Southeast Asia. The Platinum group skillfully disguises the malware installation process by abusing legitimate tools and hiding malicious files in password-protected archives. The campaign was revealed by Kaspersky Lab, […]
