News

Chinese Hackers Infect 700+ Servers per Day in Nansh0u Campaign

Delaware, USA – May 30, 2019 – More than 50 thousand Windows MS-SQL and PHPMyAdmin servers were infected with cryptocurrency mining malware during the Nansh0u campaign. Guardicore Labs’ experts discovered the malicious campaign in early April and traced its beginning to February 26th. During the investigation, the experts discovered 20 variants of malicious payloads, the […]

Roughly 950,000 Systems are Still Vulnerable to BlueKeep

Delaware, USA – May 29, 2019 – Robert Graham from Errata Security published research that clarified the number of systems vulnerable to CVE-2019-0708 (aka BlueKeep). Despite the fact that two weeks have passed since the update was released, and all media resources literally scream about the danger of this vulnerability, about 950,000 unpatched systems with […]

APT10 Targets Southeast Asia with Two New Loaders

Delaware, USA – May 28, 2019 – The Chinese hacker group APT10 (also known as Stone Panda) started using new loaders during a cyber espionage campaign in Southeast Asia. The campaign was discovered at the end of last month by security researchers from enSilo; with the help of the new malware, adversaries deliver modified tools used by […]

First Scans for Systems Vulnerable to BlueKeep

Delaware, USA – May 27, 2019 – Cybersecurity company GreyNoise Intelligence detected scans for systems vulnerable to the CVE-2019-0708 flaw, also known as BlueKeep. Researchers spotted sweeping tests from several dozen hosts around the Internet. All of them are Tor exit nodes, and it seems that a single threat actor is conducting reconnaissance in preparation for an attack. […]

JasperLoader Malware Focuses on Italian Targets

Delaware, USA – May 24, 2019 – One of the relatively new malware downloaders was significantly improved by its authors after the publication of its analysis on the Cisco Talos blog. In April, mass distribution of JasperLoader via a spam campaign targeted at Europeans was recorded. Adversaries leveraged it to deliver the Gootkit banking Trojan, […]

SeedWorm Uses New Anti-Detection Techniques in BlackWater Campaign

Delaware, USA – May 23, 2019 – The infamous SeedWorm hacking group (also known as MuddyWater APT) expanded their Tactics, Techniques, and Procedures and started using new methods to collect data on infected systems while bypassing security solutions. The APT group operates primarily in the Middle East, but recently they also targeted organizations in Europe and North […]

SandboxEscaper Released New Zero-Day Exploit for Windows 10

Delaware, USA – May 22, 2019 – While we are all preparing to oppose attacks that exploit the CVE-2019-0708 vulnerability, infamous exploit developer SandboxEscaper has published her new findings on GitHub. A new exploit for a Task Scheduler vulnerability allows elevating the privileges of a limited user account up to admin access. The available code can be used […]

Researchers Actively Develop BlueKeep PoC Exploits

Delaware, USA – May 21, 2019 – Last week, Microsoft released a patch for the critical vulnerability (CVE-2019-0708, aka BlueKeep) in Remote Desktop Services, which allows adversaries to connect to a target system via RDP and gain full access without authentication. This vulnerability affects older versions of the operating system: Windows XP, Vista, Windows […]

Winnti Group Uses Backdoor for Linux

Delaware, USA – May 20, 2019 – Researchers from Chronicle, Alphabet’s cyber-security division, discovered and analyzed the Linux version of a tool used by the Chinese state-sponsored group. The Winnti group has attracted a lot of media attention in recent months, thanks to the report on the unsuccessful attack on the German drugmaker Bayer and […]

BlackTech Group Abuses ASUS WebStorage to Install Plead Malware

Delaware, USA – May 17, 2019 – Adversaries are conducting a cyber espionage campaign in the Asia region, abusing ASUS WebStorage software to infect their victims with a backdoor. At the end of April, ESET researchers uncovered a campaign distributing Plead malware in Taiwan and noted an unusual way of spreading malware associated with the BlackTech hacker […]