News

BPC attack against banks in former Soviet Republics

Delaware, USA – October 16, 2017 – Researchers from Trend Micro report an attack on financial institutions in several former Soviet Republics. Adversaries leveraged business process compromise attack to steal approximately 40 million dollars. In this cases, adversaries exploited the overdraft limit on payment cards: they sent emails to banks’ customers with a proposal to […]

DNSMessenger returns

Delaware, USA – October 13, 2017 – Researchers from Cisco Talos reported a targeted attack on a number of organizations in the US, in which adversaries used fileless Remote Access Tool DNSMessenger. This campaign is notable for the leveraging of a compromised government server, and the method of distribution. Malicious emails were disguised as messages […]

FIN7 improves infection and obfuscation techniques

Delaware, USA – October 12, 2017 – Researchers from ICEBRG actively monitor the activities of the FIN7 hacker group and recently discovered significant changes in their techniques. One of the primary tools of FIN7, the backdoor HALFBAKED, is continuously being changed and modified by attackers. The latest detected modification is able to extract the auto-complete […]

POS Malware Breach at Sonic Drive-In

Delaware, USA – October 11, 2017 – Sonic Drive-In, a fast food restaurant chain in the United States, was attacked by cybercriminals that used POS terminals malware for stealing data on visitors’ payment cards. The restaurant chain has more than 3,500 locations in 45 states. Data breach affected approximately 5 million payment cards. On September […]

Web Mining Detector now uncovers connections to Crypto-Loot platform

Delaware, USA – October 10, 2017 – In connection with the recent launch of a new platform that provides JavaScript cryptocurrency miners for integration into web pages, Web Mining Detector SIEM use case has been updated to version 1.1. Now it contains all the necessary indicators of compromise to detect any connections to this platform. […]

Dnsmasq vulnerabilities

Delaware, USA – October 10, 2017 – In early October, experts from Google published information on the research about the popular DNS forwarder and DHCP server – Dnsmasq. This program is used in routers and some IoT devices and it is also included in various Linux distributions. Currently, Shodan detects about 1.2 million devices with […]

FormBook infostealer targets aerospace and defense industry

Delaware, USA – October 09, 2017 – We have recently written that credential theft attacks have become more frequent. Last Thursday, researchers from FireEye, Arbor Networks and ISC SANS reported several campaigns that were targeted at the aerospace and defense industry mainly in the US, India and South Korea. The primary distribution vector is spear […]

Locky Ransomware disguises as a document scanned with Konica Minolta C224e

Delaware, USA – October 09, 2017 – For more than two weeks, Locky has been distributed by the Necrus botnet through emails with the subject “Status of invoice” and attached 7z archive containing a malicious VBS script. Encrypted files are assigned the .ykcol extension; this may be a reference to the same named virus that […]

Cryptocurrency mining came to a new level

Delaware, USA – October 04, 2017 – The second half of September was marked by a significant increase in the number of incidents with JavaScript cryptocurrency miners. The idea of ​​cryptocurrency mining instead of displaying advertising banners was realized in 2013, but until recently it was not very popular. On September 14, the Coinhive platform […]

Forward Defense becomes SOC Prime’s partner

Delaware, USA – October 04, 2017 – SOC Prime, Inc. announces a new partnership with Forward Defense, a UAE-based leading information security advisor and integrator, to assist in their goal of providing world-class, innovative, value-added services and guidance to customers and establishing a position of leadership.