Category: Threat Watch – Binary Defense

Rowhammer Attacks Are Back on Stage

Read the original article: Rowhammer Attacks Are Back on Stage Researchers at Sophos have observed a sort of reboot of a classic, mostly theoretical, attack named Rowhammer. This attack involves repeatedly accessing a specific address in memory often enough to affect…

Ryuk Adding New Tools to Their Arsenal

Read the original article: Ryuk Adding New Tools to Their Arsenal Advintel has released a report detailing the Tactics, Techniques, and Procedures (TTPs) behind the Ryuk ransomware, including some new observations made by their team throughout 2021 so far. Remote…

NFT Site Rarible Targeted in Typosquatting Campaign

Read the original article: NFT Site Rarible Targeted in Typosquatting Campaign Non-Fungible Tokens (NFTs) have become extremely popular as of late and have been making people a lot of money. Quite simply, NFTs are digital comps or artwork and other…

Celsius Cryptocurrency Breach

Read the original article: Celsius Cryptocurrency Breach The cryptocurrency rewards program platform Celsius network has disclosed a security breach that led to customer information being exposed. Celsius CEO Alex Mashinsky stated that a third-party marketing server was compromised and that…

IcedID Malware Ramping Up

Read the original article: IcedID Malware Ramping Up Following the takedown of Emotet, a hole was left in the malspam-as-a-service cybercrime ecosystem. IcedID, a well-known banking trojan used by multiple distinct threat groups, now seems primed to fill that hole…

Researcher Discovers Kubernetes Denial of Service Vulnerability

Read the original article: Researcher Discovers Kubernetes Denial of Service Vulnerability CVE-2021-20291 was discovered earlier this month by Aviv Sasson. This effort was part of a security audit surveying multiple Go libraries that Kubernetes relies on to function. This vulnerability…

Microsoft Exchange Server Vulnerabilities, Patch Now

Read the original article: Microsoft Exchange Server Vulnerabilities, Patch Now Microsoft has released a security update for the Exchange Server that addresses four vulnerabilities with severity scores ranging from high to critical. All the security flaws lead to remote code…

Multiple Tasmania Casinos Affected in Ransomware Attack

Read the original article: Multiple Tasmania Casinos Affected in Ransomware Attack Two out of the four casinos that are located on the Australian island of Tasmania have been affected by a ransomware attack. The attack targeted the sole casino operator…

Risk and Compliance Company LogicGate Suffers Data Breach

Read the original article: Risk and Compliance Company LogicGate Suffers Data Breach Some information has finally been released regarding a breach of LogicGate that occurred back in February. Until this week, the company had only disclosed the information to their…

Pierre Fabre Hit With $25 Million Ransomware Attack

Read the original article: Pierre Fabre Hit With $25 Million Ransomware Attack Leading French pharmaceutical group, Pierre Fabre, suffered a REvil ransomware attack where the attackers are demanding a ransom payment in Bitcoin worth approximately $25 million USD. Pierre Fabre…

TriHealth Affected After Columbus Law Firm is Breached

Read the original article: TriHealth Affected After Columbus Law Firm is Breached Cincinnati, Ohio based health system TriHealth announced employee and patient data may have been accessed after a breach occurred at one of their partnering businesses. A law firm…

Healthcare Benefits Data Stolen During Belden Breach

Read the original article: Healthcare Benefits Data Stolen During Belden Breach After suffering a breach in November of 2020, Belden has disclosed that employee healthcare benefits and dependents from current and former employees were stolen. The information stolen includes names,…

REvil / Sodinokibi Updates New Safe Mode Functionality

Read the original article: REvil / Sodinokibi Updates New Safe Mode Functionality New versions of the Sodinokibi (also commonly known as REvil) ransomware were found last month with functionality for rebooting an infected workstation into Safe Mode. This was widely…

Android Malware Infiltrated Huawei’s Official App Store

Read the original article: Android Malware Infiltrated Huawei’s Official App Store Recently, analysts from the Russian anti-virus maker Dr.Web found ten Android apps from three developers that were infected with Joker, a type of Android Malware that signs up users…

Exposed and Unpatched SAP Applications Are Currently Being Targeted

Read the original article: Exposed and Unpatched SAP Applications Are Currently Being Targeted More than 400,000 organizations around the world currently use SAP’s customer relationship management (CRM), product lifecycle management (PLM) and supply chain management (SCM) applications. SAP and cloud…

IoT Provider Sierra Wireless Hit with Ransomware

Read the original article: IoT Provider Sierra Wireless Hit with Ransomware Less than a month ago on March 20th, 2021, Sierra Wireless suffered a ransomware attack which caused production of their IoT devices to stop. While the customer-facing products themselves…

New Maldoc Builder EtterSilent Being Used by Top Threat Actors

Read the original article: New Maldoc Builder EtterSilent Being Used by Top Threat Actors According to researchers at Intel 471, a new malicious document (maldoc) builder called EtterSilent has been heavily advertised on criminal forums since mid-2020. Top malware cybercriminals…

Fake LinkedIn Job Offer Delivers More_eggs Backdoor

Read the original article: Fake LinkedIn Job Offer Delivers More_eggs Backdoor The Threat Response Unit (TRU) at eSentire, a Waterloo, Ontario-based cybersecurity firm, has discovered an ongoing fake jobs spear-phishing scam that is infecting the computer systems of LinkedIn users…

Attackers Utilize GitHub’s CI/CD Actions Features

Read the original article: Attackers Utilize GitHub’s CI/CD Actions Features Recently, attackers have been utilizing the continuous integration/continuous delivery (CI/CD) features on GitHub (GitHub Actions) to merge unauthorized cryptocurrency miners into repositories. The attackers will fork a repository, include the…

“A41APT” Campaign Dropping Sophisticated Loader

Read the original article: “A41APT” Campaign Dropping Sophisticated Loader A new campaign dubbed A41APT was recently discovered by SecureList researchers documenting the use of a sophisticated loader module, Ecipekac (also known as SigLoader, HEAVYHAND, or DESLoader). This malware serves up…

Ubiquiti Breach More Serious Than Previously Announced

Read the original article: Ubiquiti Breach More Serious Than Previously Announced After previously disclosing limited details about what it described in December as a “third-party data breach,” new details that became public this week show that Ubiquiti customer-owned devices have…

Kansas Man Charged For Hacking Water Utility

Read the original article: Kansas Man Charged For Hacking Water Utility Recently, the US Department of Justice has announced an indictment for a Kansas man who is charged with hacking into the computer system of a local water utility and…

Fake COVID-19 Vaccine Card Scam

Read the original article: Fake COVID-19 Vaccine Card Scam US federal agencies have issued a warning against making, selling, or purchasing fake COVID-19 vaccination record cards as this is against the law. Additionally, using fake vaccination record cards could also…

VMware Patches Two Severe Vulnerabilities

Read the original article: VMware Patches Two Severe Vulnerabilities VMware published a security alert on Tuesday, March 30th, outlining two separate severe vulnerabilities within their vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager software. The vulnerabilities were reported…

Scammers Target Universities in Ongoing IRS Phishing Attacks

Read the original article: Scammers Target Universities in Ongoing IRS Phishing Attacks The Internal Revenue Service (IRS) is warning of ongoing phishing attacks targeting educational institutions. The attackers impersonate the IRS and use tax refund payments as bait while they…

Proof-of-Concept Decryptor Released for Black KingDom Ransomware

Read the original article: Proof-of-Concept Decryptor Released for Black KingDom Ransomware Cybersecurity company Cyberint has released a proof-of-concept (PoC) Python script to decrypt files encrypted by the Black KingDom ransomware. Black KingDom, responsible for infecting thousands of vulnerable Microsoft Exchange…

Docker Hub Host Images Shipping with Cryptominers

Read the original article: Docker Hub Host Images Shipping with Cryptominers Researchers from Palo Alto Networks' Unit 42 research group have discovered 30 images on Docker Hub embedded with cryptominers. While most of these miners were embedded with XMRig for…

Australian TV Network Services Interrupted

Read the original article: Australian TV Network Services Interrupted Reports from the Australian TV network, Nine Network, stated they were the victim of an attack that affected their services, which was similar to a ransomware attack but without a ransom…

Apple Releases Emergency Update

Read the original article: Apple Releases Emergency Update Apple has released an emergency update for their iOS, iPadOS, and watchOS. The patches are numbered iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3. The vulnerability, which was discovered by Google’s Threat…

OpenSSL Update Fixes Two High-Severity Vulnerabilities

Read the original article: OpenSSL Update Fixes Two High-Severity Vulnerabilities The OpenSSL project released a new build yesterday that includes fixes for two vulnerabilities. CVE-2021-3449 allows for a denial of service against servers. If a maliciously crafted request to the…

Mamba Ransomware Stores Key in Plaintext

Read the original article: Mamba Ransomware Stores Key in Plaintext In an alert about Mamba ransomware, the FBI disclosed a weakness in the encryption process that could allow victims to decrypt files without paying the ransom, if the victim company…

Cisco Addresses Critical Security Flaws in Jabber Application

Read the original article: Cisco Addresses Critical Security Flaws in Jabber Application Cisco has addressed several critical security issues, one with a severity rating of 9.9/10. The primary flaw concerns Cisco Jabber software, a web conferencing and instant messaging app…

Facebook Blocks Chinese State-Sponsored Threat Actors

Read the original article: Facebook Blocks Chinese State-Sponsored Threat Actors Facebook has taken down numerous accounts they witnessed being used by Chinese state-sponsored threat actors. The accounts were linked to the threat actor known as EarthEmpusa or Evil Eye. The…

Over 6 Million Israeli Citizens Suffer Data Leak

Read the original article: Over 6 Million Israeli Citizens Suffer Data Leak Recently, attackers calling themselves “The Israeli Autumn” have published archives containing the full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences for over…

Shell Corporation Affected by Accellion FTA Vulnerability

Read the original article: Shell Corporation Affected by Accellion FTA Vulnerability Another victim has announced they’ve suffered a data breach due to Accellion’s File Transfer Appliance (FTA). The oil and gas giant Shell has made it known that an unauthorized…

MangaDex Manga Site Down After Cyberattack

Read the original article: MangaDex Manga Site Down After Cyberattack MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics for free, with over 76 million visitors per month. After suffering a series…

Android Zero-day Actively Being Exploited

Read the original article: Android Zero-day Actively Being Exploited Tracked as CVE-2020-11261 and getting a CVSS score of 8.4, a now-patched vulnerability affecting Android devices that use the Qualcomm chipsets is being weaponized by attackers, according to Google. Google stated…

FBI Cleveland Division Warns of Financial Scams

Read the original article: FBI Cleveland Division Warns of Financial Scams The Cleveland Division of the FBI is issuing a warning to the greater North East Ohio community as an increase in reporting of financial scams coming in the form…

BlackKingdom “Ransomware” Attacks Vulnerable Exchange Servers

Read the original article: BlackKingdom “Ransomware” Attacks Vulnerable Exchange Servers Originally reported by Bleeping Computer, security researcher Marcus Hutchins recently uncovered a ransomware campaign leveraging the ProxyLogon vulnerabilities in order to spread and infect a wide variety of targets with…

FBI: Phishing Emails Are Spreading Trickbot Malware

Read the original article: FBI: Phishing Emails Are Spreading Trickbot Malware The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning for a phishing campaign that is attempting to infect PCs with Trickbot. Trickbot, first identified…

CopperStealer Malware Steals Google, Apple, Facebook Accounts

Read the original article: CopperStealer Malware Steals Google, Apple, Facebook Accounts This new malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads…

Zoom Screen Share Flaw Can Expose Information

Read the original article: Zoom Screen Share Flaw Can Expose Information A recently discovered bug being tracked as CVE-2021-28133 is affecting Zoom users. The flaw lies within the screen sharing function of the application and was tested on versions 5.4.3…

15-Year-Old Bugs in Linux Kernel Still Vulnerable

Read the original article: 15-Year-Old Bugs in Linux Kernel Still Vulnerable On March 12, 2021, three vulnerabilities in Linux were publicly disclosed, revealing kernel issues dating back fifteen years: CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365. While the code is not remotely accessible, it…

15 Year Old Bug(s) in Linux Kernel Still Vulnerable

Read the original article: 15 Year Old Bug(s) in Linux Kernel Still Vulnerable On March 12, 2021, three vulnerabilities, CVE-2021-27363, 27364, and 27365, were publicly disclosed, revealing kernel issues dating back fifteen years. While the code is not remotely…

Finland Attributes Parliament Attack to APT31

Read the original article: Finland Attributes Parliament Attack to APT31 After a long period of case review, along with cooperation from partners abroad, Finnish officials have formally blamed the cyber attacks against their Parliament on the Chinese state-sponsored hacking group…

Payment Card Data Leaked from Seized WeLeakInfo Website

Read the original article: Payment Card Data Leaked from Seized WeLeakInfo Website In January 2020, the FBI seized the internet domain WeLeakInfo[.]com. The website served as a breach notification service, similar to HaveIBeenPwned, with one key difference. Unlike HaveIBeenPwned, WeLeakInfo…

PYSA Ransomware Targets Education Sector

Read the original article: PYSA Ransomware Targets Education Sector Reports from the Cyber Division of the FBI warn of an uptick in PYSA ransomware attacks that have been targeting the education sector in recent months. The actors behind the ransomware…

Critical Vulnerabilities in Microsoft DNS

Read the original article: Critical Vulnerabilities in Microsoft DNS On Tuesday, March 9, 2021, Microsoft rolled out its monthly update. Included in these fixes were seven security updates involving DNS vulnerabilities, and of those seven, five included remote code execution…

Blender Website Partially Restored Following Hacking Attempt

Read the original article: Blender Website Partially Restored Following Hacking Attempt The official Twitter account for Blender, an open-source 3D graphics and animation software pipeline, announced on Sunday that the website had been brought down for maintenance due to “a hacking attempt.” During…

Microsoft Releases One-Click Mitigation for CVE-2021-26855

Read the original article: Microsoft Releases One-Click Mitigation for CVE-2021-26855 To remediate the recent Exchange server vulnerabilities, Microsoft has released a new mitigation tool to assist organizations in their efforts to help stop the ongoing exploitation against vulnerable Exchange servers.…

Magecart Attackers Hide Credit Card Data in Images

Read the original article: Magecart Attackers Hide Credit Card Data in Images Recently, attackers associated with the credit card skimming attacks known collectively as “Magecart” have begun using image steganography to exfiltrate stolen email data, as originally reported by BleepingComputer. Magecart…

Fastway Couriers Reveals Data Breach

Read the original article: Fastway Couriers Reveals Data Breach International parcel courier service Fastway Couriers has revealed that they suffered a data breach that was identified by a third-party IT service provider on February 25th, 2021 and Fastway was notified…

DearCry Ransomware Makes its Debut

Read the original article: DearCry Ransomware Makes its Debut In the wake of the ongoing rush to patch the four vulnerabilities affecting Microsoft Exchange servers, a new ransomware called DearCry has begun to exploit those vulnerabilities. Since Microsoft confirmed its…

Spanish Government Attacked with Ryuk Ransomware

Read the original article: Spanish Government Attacked with Ryuk Ransomware The Spanish government agency for labor has been attacked by Ryuk ransomware and following the attack, more than 700 agency offices throughout Spain have been affected. The agency’s website stated…

FIN8 Bolsters Their BADHATCH Backdoor

Read the original article: FIN8 Bolsters Their BADHATCH Backdoor After apparently lying dormant for some time, the financially motivated cybercrime group FIN8 has made its return. FIN8 threat actors have been observed recently using a new version of the BADHATCH…

OVH Datacenter Goes up in Flames

Read the original article: OVH Datacenter Goes up in Flames ZDNet reported that a disastrous fire has done severe damage to some of OVH’s Strasbourg datacenters. Of the damaged datacenters, SBG2 is completely destroyed, while parts of SBG1 are only…

zoMiner Botnet is Targeting Elasticsearch and Jenkins Servers

Read the original article: zoMiner Botnet is Targeting Elasticsearch and Jenkins Servers After being discovered in November 2020, the zoMiner botnet has shifted directions to target vulnerable versions of Elasticsearch and Jenkins servers. According to Qihoo 360’s Network Security Research…