News

Monero Ransomware: New Trend or Test for Delivery Mechanism?

Delaware, USA – January 24, 2018 – The popularity of bitcoin among cybercriminals continues to fall, and forensic firm Chainalysis says that the use of bitcoin in the DarkNet fell from 30% to 1%. More and more adversaries switch to other crypto-currencies to make it more challenging to track them. Researchers from Fortinet discovered an […]

Malvertising Campaign EvilTraffic Leverages Thousands of Compromised Websites

Delaware, USA – January 23, 2018 – Experts from CSE Cybsec discovered a huge malvertising campaign – EvilTraffic. Adversaries attack WordPress websites by exploiting CMS vulnerabilities, and then upload a zip archive with malware to the compromised websites; once unpacked, the malware redirects visitors via hitcpm.com to malicious sites generating advertising traffic. The advertising websites contain links to […]

Vulnerabilities in Gemalto’s SafeNet Sentinel

Delaware, USA – January 23, 2018 – 14 serious vulnerabilities were discovered in Gemalto’s SafeNet Sentinel solution, some of which could lead to remote code execution or denial of service. Gemalto has already released patches that fix detected vulnerabilities but did not notify users of the severity of existing threats, so not all solutions have […]

SamSam ransomware campaign

Delaware, USA – January 22, 2018 – Over the past month, a hacker group that spreads SamSam Ransomware has conducted a number of successful attacks against organizations in the US, Canada and India. Since December 25, adversaries have managed to get more than 25 bitcoins in ransom. Significant media attention was attracted to the story of […]

Dridex Banking Trojan is Distributed via Compromised FTP Sites

Delaware, USA – January 22, 2018 – Last week, researchers from Forcepoint Security Labs registered a spam campaign distributing the latest version of the Dridex banking trojan. Over approximately seven hours, about 10,000 emails containing links to compromised FTP servers were sent. Adversaries used two document types in this campaign: DOC files abused the DDE […]

Dark Caracal: Global Cyber Espionage Campaign Operators

Delaware, USA – January 19, 2018 – Details have emerged about yet another global cyber espionage campaign, which was conducted for at least five years and affected thousands of victims in more than 20 countries. Researchers from Lookout and the Electronic Frontier Foundation published a detailed report on the operations of a cybercriminal group dubbed […]

Hackers Spread Zyklon Malware via Phishing Emails

Delaware, USA – January 18, 2018 – Researchers from FireEye discovered a spear phishing campaign that distributes the Zyklon backdoor. The campaign targets the telecommunications industry, as well as financial and insurance companies. Emails contain a zip archive with a malicious MS Word document that exploits one of three known vulnerabilities in MS Office to deliver malware to the […]

Attackers Infect Linux and Windows Servers with RubyMiner

Delaware, USA – January 18, 2018 – An unknown hacker group compromises servers with outdated software to infect them with RubyMiner malware. To find such web servers, they use the p0f utility: they are interested in both Linux and Windows servers vulnerable to exploits discovered in 2012 and 2013. Researchers from Checkpoint claim that at […]

Skygofree: powerful tool for cyber espionage

Delaware, USA – January 17, 2018 – Researchers from Kaspersky Lab published a report on a discovered Android trojan that was created three years ago and has evolved during this time into one of the most effective tools for cyber espionage. The latest version of Skygofree was detected in October 2017. The most impressive of its functions […]

MaMi – new DNS Hijacker for MacOS

Delaware, USA – January 17, 2018 – Last week, a researcher from Objective-See studied and described newly discovered malware for MacOS, which was not detected by antivirus solutions. OSX/MaMi modifies DNS settings on the infected assets and installs its own root certificate to intercept encrypted traffic. Adversaries can use this tool to perform […]