Month: October 2018

CommonRansom Demands Remote Desktop Access to Encrypted System

Delaware, USA – October 31, 2018 — A new ransomware strain not only requires a ransom payment in bitcoins but also demands that the victim provide remote access to the infected system in order to decrypt the data. Security researcher Michael Gillespie discovered CommonRansom ransomware yesterday, and it is still not known how it is distributed. This ransomware […]

Coin Ticker App Installs Backdoors on MacOS

Delaware, USA – October 30, 2018 — Researchers discovered a macOS application that monitors cryptocurrency rates and installs the EvilOSX and EggShell backdoors on the system. It is not known for certain whether the attackers compromised the Coin Ticker app or whether the application was designed for malicious purposes from the start. The latter option is more […]

Emotet Uses Domain Hijacking to Trick DMARC

Delaware, USA – October 29, 2018 — Emotet malware operators have found a way to bypass anti-spoofing protection through domain hijacking. The cybercriminals behind this former banking trojan continually modify their delivery mechanism, since they use a ready-made infrastructure to distribute the malware of other threat actors such as Trickbot, Zeus Panda and IcedID. Earlier this month, the […]

FilesLocker Ransomware Appears on Chinese Underground Forums

Delaware, USA – October 26, 2018 — Another entry has joined the list of Ransomware-as-a-Service platforms. FilesLocker ransomware is being marketed through Chinese underground forums hidden in the Tor network. The authors offer the malware for free, but every affiliate who spreads FilesLocker must infect at least ten victims every day and return to the developers […]

Magecart Operators Poison Magento Extensions

Delaware, USA – October 25, 2018 — About 20 Magento extensions are already known to be vulnerable to attacks by the cybercriminal groups behind the Magecart operation. Security researcher Willem de Groot, who has long been tracking Magecart activity, identified sixteen of the extensions and asked the public for help in identifying the others. The […]

SandboxEscaper Publishes New Zero-Day Exploit

Delaware, USA – October 24, 2018 — A security researcher operating under the nickname SandboxEscaper published on GitHub a proof-of-concept exploit for the second zero-day vulnerability they have discovered, announcing it via their Twitter account. The new exploit enables privilege escalation in the Microsoft Data Sharing service (dssvc.dll) and allows an attacker to delete critical system files. […]

DarkPulsar Used in Attacks on Aerospace and Nuclear Industry

Delaware, USA – October 23, 2018 — Last year, the Shadow Brokers group stole a number of hacking tools and exploits from the Equation Group, which is associated with the NSA, and some of them were disclosed to the public. The most serious and noticeable consequences came from the publication of the EternalBlue exploit and the subsequent […]

Asian Countries Attacked by Datper Malware

Delaware, USA – October 19, 2018 — The Bronze Butler group (aka Redbaldknight) continues to use Datper malware in attacks across the East Asia region. Bronze Butler has been active since 2016 and is presumably based in the People's Republic of China; the primary targets of its attacks are located in South Korea and Japan. The attackers […]

GreyEnergy APT Group Targets Industrial Networks

Delaware, USA – October 18, 2018 — The GreyEnergy APT group conducts cyber espionage and reconnaissance operations, preparing the ground for further destructive attacks. Researchers from ESET believe that the group emerged when BlackEnergy split into two groups with different tasks: GreyEnergy and Telebots. The APT group uses its own malware framework, […]

Cybercriminals Use New Trick to Bypass Antivirus Solutions

Delaware, USA – October 17, 2018 — Researchers at Cisco Talos discovered several campaigns that use a new trick to infect victims with infostealers. The attackers distribute Loki, Agent Tesla and Gamarue malware, which can steal passwords from popular programs, take screenshots, record video from a webcam and download additional payloads. The researchers associate these campaigns with […]
