News

JhoneRAT Trojan Spreads Across the Middle Eastern Countries

Delaware, USA – January 24, 2020 – The new trojan is distributed via phishing emails and does not activate if it does not detect Arabic when checking keyboard layouts. JhoneRAT malware was analyzed by researchers from Cisco Talos who discovered an ongoing campaign started in November 2019. The threat actor behind this campaign is interested […]

sLoad Authors Update Malware After Microsoft’s Report

Delaware, USA – January 23, 2020 – Attackers very quickly released an updated version of sLoad after Microsoft published a detailed analysis of malware, and it seems that they will have to work on the update again. In mid-December, the Microsoft Defender ATP Research Team analyzed the multi-stage malware downloader known for several years whose […]

Webinar: Live Demo – Threat Detection Marketplace

Delaware, USA – January 22, 2020 – Starting this Tuesday, January 28 at 10 am PST, Jordan Camba will demonstrate the capabilities and benefits of Threat Detection Marketplace‍ (https://my.socprime.com/en/tdm/) – the world’s largest repository of threat-hunting content used by 3400+ organizations and 7000+ security specialists in 144 countries. TDM hosts thousands of content items including search […]

Attackers Test 5ss5c Ransomware on Chinese Organizations

Delaware, USA – January 21, 2020 – The first test samples of the new ransomware appeared back in November 2019 but remained almost ignored at a time of resonant hacks and updated malware scene veterans. Blaze analyzed new versions of 5ss5c and found evidence that the new strain is based on Satan ransomware, which almost […]

Mitsubishi Electric Confirms Data Breach

Delaware, USA – January 20, 2020 – After publication information about the data breach in several local newspapers, Mitsubishi Electric released short confirmation with a minimum of details. The company discovered suspicious activity on June 28 last year, and an internal investigation began two months later. According to published materials, the Chinese state-sponsored group Bronze […]

NotRobin Malware: the Battle for NetScaler Devices

Delaware, USA – January 17, 2020 – The CVE-2019-19781 vulnerability discovered at the end of last year has been actively exploited by attackers for several weeks, and many PoC exploits are publicly available, while Citrix will only release updates at the end of the month. NotRobin malware stands out among the many cryptocurrency miners and […]

InfiniteWP Client And WP Time Capsule Receive Patches Addressing Critical Vulnerability

Delaware, USA – January 16, 2020 – Popular WordPress plugins contain logical issues in the code allowing adversaries to login into an administrator account without a password. Updates came out last week, but security advisory by WebArx experts was published only this Tuesday, so now not only Windows requires to be updated as soon as […]

Microsoft Patches CVE-2020-0601 in Windows Cryptographic Library

Delaware, USA – January 15, 2020 – It seems that in the past few days, news about this vulnerability has been heard by everyone, and not so much because of its severity, but because the National Security Agency discovered it and reported to Microsoft. Before this, the NSA kept information about ‘discoveries’ for ‘internal use’, […]

Emotet is Back Again Using New Lure Text in the Documents

Delaware, USA – January 14, 2020 – Emotet malware finished its winter vacation, and immediately after returning to service launched spam campaigns targeting 80+ countries. This time, the Emotet operators went on vacation shortly before Christmas, on December 21, but unlike the summer break, the command-and-control infrastructure continued functioning. Three weeks later, on Monday morning, […]

Albany International Airport Suffers Sodinokibi Attack

Delaware, USA – January 13, 2020 – Albany International Airport’s systems suffered a ransomware attack on Christmas and the airport authority decided to pay the ransom to restore data on the airport’s servers and its backup servers. Sodinokibi (aka REvil) affiliates compromised managed service provider, LogicalNet, from whose network the airport systems were infected. The […]