Month: August 2018

Attackers Exploit CVE-2018-11776 in Apache Struts to Infect Servers with Coinminers

Delaware, USA – August 30, 2018 – Last week, several PoC exploits were published for the recently patched vulnerability in Apache Struts (CVE-2018-11776) as well as the python script, which simplifies the attack. The vulnerability allows to execute code remotely on servers with the versions of the framework from 2.3 to 2.3.34 and from 2.5 […]

Read More
PoC of Zero-Day Vulnerability is Published on GitHub

Delaware, USA – August 28, 2018 – The researcher under the pseudonym SandboxEscaper published on GitHub Proof-of-concept (PoC) of the new zero-day vulnerability in the Microsoft Windows task scheduler. The exploitation of this vulnerability leads to a local privilege escalation and allows a local user to gain SYSTEM privileges. Will Dormann from CERT/CC confirmed the […]

Read More
BackSwap Trojan Targets Banks in Spain

Delaware, USA – August 27, 2018 – The BackSwap banking trojan switched to Spanish financial organizations. Researchers from ESET discovered this threat in March, and they published a report in which they shared the results of further monitoring of the trojan. Until recently, BackSwap operators targeted only banks in Poland, but now the trojan configured […]

Read More
MacOS Malware Used in Operation AppleJeus

Delaware, USA – August 24, 2018 – It became known that the Lazarus group started using malware for MacOS in their campaigns. Earlier this week, researchers revealed details of the operation of DarkHotel group and Ryuk Ransomware campaign, and now researchers from Kaspersky Lab reported about the attack of the North Korean APT group on […]

Read More
Turla APT Uses Outlook Backdoor in Cyberespionage Operations

Delaware, USA – August 23, 2018 – Turla APT group created a unique Outlook backdoor and used it to spy on at least two European government foreign offices and one defense contractor. The APT group operates since 2008 using Gazer backdoor in cyberespionage campaigns targeted government and diplomatic bodies in Europe, Asia and South America. […]

Read More
Dark Tequila Malware Operates Since 2013

Delaware, USA – August 22, 2018 – Dark Tequila is a sophisticated modular banking malware targeted at users from Mexico that remained undetected for about five years. Researchers from Kaspersky Lab discovered and analyzed the ongoing malicious campaign. Dark Tequila is designed to steal financial information and credentials to online banking and popular websites including […]

Read More
Ryuk Ransomware Campaign Targets Enterprises Worldwide

Delaware, USA – August 21, 2018 – Researchers from Checkpoint analyzed the ongoing ransomware campaign targeted enterprises worldwide. During the campaign, attackers infect critical infrastructure of large companies with the Ryuk ransomware and demand a significant amount of ransom in bitcoins. At the moment, it is known about three affected companies that paid the ransom […]

Read More
Darkhotel Group Uses Zero-Day in Recent Campaign

Delaware, USA – August 20, 2018 – Last week experts from Trend Micro published details of the exploitation of zero-day vulnerability CVE-2018-8373, which was fixed as part of August Patch Tuesday. This vulnerability in the VBScript engine allows attackers to execute arbitrary code on the victim’s system. On July 11, researchers discovered the first attacks using […]

Read More
The Theory and Reality of SIEM ROI

Many things are written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old and SIEM is by all means a mature market. Together with clients, team and partners I was privileged to actively participate in more than a hundred of […]

Read More
Hackers Steal $13.4 Million from Cosmos Bank

Delaware, USA – August 16, 2018 – Last weekend, unknown adversaries withdrew from Indian bank Cosmos 940 million rupees (more than $13 million) in three stages. The investigation of the incident continues, and the bank reports that the funds on the clients’ accounts were not affected. The first stage of the attack on Cosmos bank […]

Read More