The Covid19 outbreak has revealed a number of blind sides of cybersecurity. We do our best to keep you in the picture of the latest trends on our Weekly Talks, webinars, relevant content Digests. However, human curiosity in the flood of information may be a weak spot. FormBook, the infostealer known since 2016, has been […]
Today’s post is about fresh versions of Hancitor trojan and a couple of rules released by Threat Bounty Program participants which enables security solutions to detect them. Hancitor Trojan (Evasion Technique) community rule by Emir Erdogan: https://tdm.socprime.com/tdm/info/GwJ4Y7k7tzaz/1rBKXHMBSh4W_EKGF2on/?p=1 Hancitor infection with Ursnif exclusive rule by Osman Demir: https://tdm.socprime.com/tdm/info/DXrFgt0kTBg1/Z9TBUXMBPeJ4_8xc-IFm/ This malware appeared in 2013 and at the […]
This week we will not highlight any rule in the “Rule of the Week” section, because the hottest rules have already been published in yesterday’s special digest dedicated to the rules that detect exploitation of a critical vulnerability in Windows DNS Servers, CVE-2020-1350 (aka SIGRed). Today’s publication is dedicated to the detection of GoldenHelper malware […]
In one of our Threat Hunting Content blog posts, we already observed a rule to detect Avaddon ransomware, a new Ransomware-as-a-Service variant that was first spotted in early June. One of the most active distributors of Avaddon ransomware is Phorpiex botnet, which recently recovered from losses incurred earlier this year. Infected systems can send tens […]
The new WastedLocker ransomware was first spotted in May 2020. It was developed by the high-profile Evil Corp group, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. Last year, part of the attackers left the group and started their own […]
Last week, F5 Networks, one of the world’s largest provider of application delivery networking products, released a security advisory to warn their customers about a dangerous vulnerability that cybercriminals could start exploiting in the near future if it wasn’t already exploiting in the wild. The security flaw was discovered in multi-purpose networking devices (BIP-IP) that […]
Another ransomware family appeared this spring and is actively used in targeted attacks against enterprises and government agencies. In mid-May, cybercriminals attacked the network of the Texas Department of Transportation, but unauthorized access was discovered, and as a result, only part of the systems was encrypted. In this attack was used new ransomware – Ransom […]
As Google and Mozilla bring the widespread use of DNS over HTTPS protocol, more malware authors also adopt this perfect opportunity to hide malicious traffic. The recently discovered versions of PsiXBot abuse Google’s DoH service to retrieve the IPs for the command-and-control infrastructure. The malware appeared in 2017 as a simple infostealer that is capable […]
It’s no secret that phishing attacks are one of the most effective ways to infect the target with malware. Typically, adversaries expect to convince a user to open a malicious document and enable macros or use vulnerabilities in MS Office for deploy malware. We regularly publish rules (1, 2, 3) for detecting phishing campaigns or […]
Latin American banking trojans are just about to make a separate trend in malware writing. Adversaries regularly create new Trojans or Exploit Kits to attack bank users in Brazil, Mexico, and Peru, and with each new malicious campaign expand their target lists first to neighboring countries, and then to worldwide campaigns. In our recently published […]