News

Fancy Bear Compromises Organizations via IoT Devices

Delaware, USA – August 7, 2019 – The Russian state-sponsored threat actor continues to be interested in IoT devices and abuses them to infiltrate corporate networks. The Microsoft Security Response Center has published an article revealing details of recent activity of the Fancy Bear group (aka APT28, Sofacy, and Strontium). In April, Microsoft discovered attempts […]

MegaCortex Ransomware Makes the Next Step to Mass Attacks

Delaware, USA – August 6, 2019 – MegaCortex ransomware is rapidly evolving, reducing the number of manual operations to a minimum. A couple of weeks ago, the first significant step was taken to simplify the infection process when malware authors compiled the files necessary for infection into a single signed executable. The new version of […]

LookBack Trojan Hunts the US Utility Firms

Delaware, USA – August 5, 2019 – The new malware was used in a spear-phishing campaign targeted at US companies in the utility sector. Proofpoint researchers discovered the attacks in late June; all the emails were disguised as notifications from the ‘US National Council of Examiners for Engineering and Surveying’ and contained failed examination alerts sent […]

Hexane Group Compromises ICT Related Entities

Delaware, USA – August 1, 2019 – The Hexane group has been active since the middle of last year, and as tensions in the Middle East increase, the group conducts more and more attacks targeting telecommunications companies and organizations in the oil and gas industry. The group was discovered by cybersecurity company Dragos Inc., which […]

TrickBot Loader Targets Windows Defender

Delaware, USA – July 31, 2019 – The new version of the notorious TrickBot banking trojan stops Windows Defender and blocks the launch of a number of anti-virus solutions before loading the main component. Cybersecurity expert Vitali Kremez and MalwareHunterTeam analyzed the malware and found new methods to bypass the protection of Windows 10 systems. The […]

MyDoom Worm is Still Alive

Delaware, USA – July 30, 2019 – The fifteen-year-old worm is not just alive but also generates more than 1% of emails with malicious attachments worldwide. Now, of course, it is less of a threat than in 2004, but its capabilities and polymorphic nature keep the malware “afloat”. A recent analysis by Brad Duncan, Palo Alto […]

New Magento Skimmer by MageCart Group

Delaware, USA – July 29, 2019 – Cybercriminals install a new Magento skimmer on compromised websites that downloads malicious JavaScript from a Google-lookalike internationalized domain name. The skimmer was discovered by Sucuri researchers, and during the analysis they also found new evasion capabilities of the script. In this case, the attackers registered google-analytîcs[.]com, in the […]

Electric Utility in Johannesburg Suffers Ransomware Attack

Delaware, USA – July 26, 2019 – Yet another ransomware attack targeting urban infrastructure happened in South Africa, threatening to cut off electricity to many Johannesburg residents. Systems of utility company City Power were encrypted by unknown threat actors, making it impossible for prepaid users to buy electricity. The adversaries chose the perfect moment […]

One Step Closer to BlueKeep Exploit

Delaware, USA – July 25, 2019 – After a nearly two-month lull, there has been significant progress in creating a working exploit for the BlueKeep flaw (CVE-2019-0708) due to the publication of a detailed technical analysis of the critical vulnerability and an incomplete PoC exploit to attack WinXP systems. We recall that this ‘wormable’ vulnerability allows cybercriminals […]

FIN8 Starts to Use New Malware After Returning to Business

Delaware, USA – July 24, 2019 – The financially motivated cybergang has returned after a two-year absence with a new backdoor and is actively attacking targets in the hospitality and retail sectors. The FIN8 group, which appeared in early 2016, uses backdoors to gain access to the victims’ networks and to install POS malware on key […]