Microsoft patched around 99 important/critical vulnerabilities in their most recent February Patch Tuesday. Among those vulnerabilities was a critical vulnerability (CVE-2020-0688) affecting all versions of Microsoft Exchange, which allows attackers to remotely execute code through ViewState. ViewState is server-side data…
Tag: Threat Watch – Binary Defense
Iranian APT Behind ForeLord Malware
Iran: A new malware that has been dubbed ForeLord was found targeting government officials and corporations from mid-2019 to January 2020. The malware was distributed through emails and targeted corporations in the countries of Turkey, Jordan, and Iraq. Government officials…
SQL Dump Shared on Hacker Forum
A large SQL dump was found by the team at Under the Breach that contained about 21.5 GB of uncompressed data from at least two different sites. The SQL, which is a method of communicating with a database, was obtained…
IMP4GT Attack Targets 4G Networks
Ruhr-Universität Bochum researchers have seen a new attack that targets 4G networks and allows attackers to operate as a user. Research reveals that IMP4GT affects any device that uses LTE to communicate, including phones, tablets, and other IoT devices. Two…
New “ObliqueRAT” Targeting Southeast Asia
Researchers at Cisco Talos have come across a new RAT (Remote Access Trojan) that they are calling ObliqueRAT. The new RAT appears to be targeting Southeast Asian organizations through attached Word documents with macros. Cisco Talos also believes there may…
Google Patches Chrome Zero-Day Being Actively Exploited
Google has released a Chrome update that patches three different security bugs, including a zero-day vulnerability that has been actively exploited. Google has not made any details of the active exploitation of the zero-day public though. The only detail being…
DoppelPaymer Actors Set up Public Site to Post Data
Just like the Maze ransomware authors, the DoppelPaymer ransomware authors have created a public site to post victims’ data should they refuse to pay the ransom. This site should serve as a motivator for companies hit by DoppelPaymer to pay…
Mexico’s Economy Ministry Involved in Cyber-attack
Mexico’s economy ministry detected a cyber-attack on February 23, 2020. The servers that were targeted in the attack did not contain any sensitive information. After the attack was discovered, security measures were increased to prevent future attacks. It was not…
Mozart Malware Hides Traffic
Discovered by MalwareHunterTeam, a new backdoor malware, called Mozart, has been found using the DNS protocol to communicate with remote attackers to evade detection by security software. Normally when malware communicates to receive commands, it does so over HTTP/S protocols for ease…
More Than 123 Million Records Leaked by Decathlon
The France-based sports retailer Decathlon noticed recently that over 123 million records that included customer and employee information were exposed through a misconfigured database. A 9GB database on an Elasticsearch server was discovered by researchers at vpnMentor. From observations by…
Defense Information Systems Agency Suffers Data Breach
The Defense Information Systems Agency (DISA) announced that it was the subject of a significant data breach. DISA provides IT support and services to the White House, the President and Vice-President, US Secret Service, Joint Chiefs of Staff and more.…
Slickwraps Breached, Customer and Employee Data Exposed
Slickwraps, a store for creating custom “skins” for mobile devices, consoles and more, has recently alerted customers to a data breach. After finding a path traversal vulnerability in the image uploader used for designing skins, Twitter user @Lynx0x00 (whose account…
Critical Vulnerabilities in Honeywell Fire Alarm Systems
Honeywell released a firmware update to patch two vulnerabilities in the NOTI-FIRE-NET Web Server (NWS-3) product. One of the vulnerabilities, identified as CVE-2020-6972, allows an attacker to bypass the authentication system to gain access to the administration dashboard and control…
Exaggerated Lion Using G-Suite in Business Email Compromise Campaigns
Exaggerated Lion: A newly discovered threat group, dubbed Exaggerated Lion, is believed to have targeted over 2,100 organizations in the US with Business Email Compromise (BEC) campaigns since 2013. The group is distributed between multiple countries around Africa including Nigeria,…
ISS World Suffers Ransomware Attack
The integrated facility services provider ISS World recently suffered a cyber-attack that caused its websites to go down for a few days and disrupted email services. It was reported that the attack left nearly 43,000 UK staff without email access.…
Ring Doorbell Forces Two-Factor Authentication
The Ring doorbell camera system has become one of the most popular home security add-ons in recent years, but some people have questioned the security of the Internet of Things (IoT) devices. On Feb 18th, Ring president Leila Rouhi published…
WP-VCD Botnet Now Injecting Anti-Adblocker Scripts
WP-VCD is a WordPress botnet that has been around since early 2017. It is able to create backdoor accounts, spread to other installed themes, redirect visitors, inject ads, and add command and control capabilities to a victim’s site. Ad revenue…
Adobe Patches Two Critical Arbitrary Code Execution Vulnerabilities
In an out-of-schedule patch, Adobe patched an out-of-bounds write for Adobe After Effects (CVE-2020-3765). This critical vulnerability affects Adobe After Effects versions 16.1.2 and earlier. Additionally, Adobe patched another out-of-bounds write for Adobe Media Encoder. This critical vulnerability affects Adobe…
Password Spraying Attack Allowed Hackers to Get Inside Citrix Systems’ Network
For a five-month period between 2018 and 2019, hackers gained access to systems belonging to Citrix. Citrix was notified of the breach in March of 2019 by the FBI, who informed Citrix that the breach appeared to have happened through…
Ransomware Attack Causes US Natural Gas Company to Shut Down for Two Days
The Department of Homeland Security has reported that an unnamed US natural gas company was forced to shut down operations for two days after being infected with ransomware. The ransomware was able to make its way into the company’s Information…
Dharma Ransomware Attacks Italian Users
Security researchers JAMESWT, TG Soft and reecdeep have found a new malicious spam (malspam) email campaign delivering ransomware that is currently targeting Italian Windows users. The Dharma ransomware is a variant of another ransomware family called Crysis. Dharma has been active…
DRBControl Threat Actor Potentially Behind Attack on Gambling Websites
DRBControl: Talent-Jump and Trend Micro have both released research after two different websites were confirmed to be hacked by what appears to be the same group. The threat group, called DRBControl by researchers, is believed to be based in China.…
Proof of Concept Released for SQL Remote Code Execution Patch
In a recent Microsoft patch, a fix was announced for CVE-2020-0618, which allowed low-level authorized users to remotely execute code on Microsoft SQL servers. Using the functionality provided by the SQL Server Reporting Services web application, browser level users can…
Fox Kitten Targeting VPN Providers to Install Backdoors
Iran: A significant number of security bugs were disclosed last year pertaining to major VPN providers such as Pulse Secure, Palo Alto, Fortinet, and Citrix. A new report indicates that the Iranian government took notice of those vulnerabilities and set…
LokiBot Impersonating Epic Games Launcher
Researchers at Trend Micro have recently discovered a LokiBot variant disguising itself as the Epic Games Launcher. The variant uses the open source NSIS (Nullsoft Scriptable Install System) to create an installer application with the Epic Games logo to convince…
Hamas Cyber-efforts Use Fake Dating Applications to Target Israeli Soldiers
Hamas: Members of Hamas have created fake dating applications to target members of the Israel Defense Force (IDF). Researchers at Check Point have found at least three dating applications that were being used by the threat actors. GrizyApp, ZatuApp, and…
At Least 13 Companies Targeted by new Phishing Attacks
The researchers at MalwareHunterTeam have discovered a new phishing campaign targeting at least 13 companies, some of them very well known. This new campaign uses SLK (Symbolic Link) file attachments that are used by the Microsoft Excel program to share…
Ginp Banking Trojan Attempts to Lure Victims via SMS
Ginp was first recognized by Kaspersky Labs in 2019 and was found to have all the capabilities of a standard Android banking trojan. Since a new version has surfaced, a new capability has been added as well. The trojan is…
Operator of Bitcoin Mixing Service and Darknet Search Engine Arrested in Ohio
Federal authorities arrested Larry Dean Harmon of Bath, Ohio for the part he played in the operation of Helix. Helix was a bitcoin mixing service which worked closely with the Darknet criminal market AlphaBay, which was taken down by federal…
Persistent Android Trojan xHelper Now Removable
Several months ago, the Android Trojan “xHelper” infected tens of thousands of devices, and could not be removed even after a factory reset of the phone. With the help of the user “misspaperwait,” Malwarebytes was recently able to discover…
USCYBERCOM Releases Malware Samples and Analyses Used by DPRK Cyber Actors
As a Valentine’s Day surprise, USCYBERCOM publicly released six malware samples on VirusTotal and seven malware analysis reports on the uploaded malware. As attributed by the National Cyber Investigative Joint Task Force (NCIJTF), these samples were used by North Korean…
$2.6 Million Lost in Scam Affecting Puerto Rican Government
A police report was filed yesterday documenting a scam that saw Puerto Rico’s Industrial Development Company send around $2.6 million USD to criminals. Rubén Rivera, the company’s finance director, said a payment was made on January 17th, 2020 when an…
Altice USA Breach
Altice USA Inc, provider of Optimum cable television and internet services in the New York tri-state area, can now be included in the long list of companies that have become victims of phishing scams. An official from the company states…
MoleRATs Working on Two Active Campaigns
MoleRATs: The Arabic speaking threat actor known as MoleRATs, which is part of a trio of groups, is believed to be behind two recent campaigns tracked by researchers from the Cybereason Nocturnus team. The first campaign is called Spark and…
Cloud-Based App Exposes Inmates’ Data
On January 3rd, researchers from vpnMentor uncovered an unsecured Amazon Web Services Simple Storage Service (S3) bucket, owned by JailCore, a cloud-based app used by multiple US correctional facilities. Anyone could access the files stored on the S3 bucket using…
KPOT Virus Infects Executable Files on Disk
The cybersecurity company Kaspersky has discovered a new virus, dubbed KPOT. KPOT is the first true computer virus in recent years—most infections tend to fall into other categories of malware. The term “virus” is often used interchangeably with “malware,” but…
Two Ukrainians Taken Into Custody for Cash-Out Scheme Against Russian Sberbank ATMs
Two of three Ukrainian men suspected of stealing $1.5 million USD from ATMs in Bosnia have been taken into custody by Bosnian authorities. The men are accused of stealing from ATMs belonging to the Russian state-owned bank Sberbank. Dmytro Boyko…
Outlaw Group Updates Toolkit
Outlaw: Researchers from Trend Micro have identified that after a few months of silence, the Outlaw crypto-mining group has returned. The group was last seen in June 2019, when they were using a similar toolkit to carry out attacks. In…
New PayPal Scam Seen in the Wild
Recent observations by researchers have revealed a new PayPal phishing email scam that attempts to obtain data, including Social Security numbers (SSN). Potential victims receive an email that states their account has been locked. Within the email is a bit.ly…
US Department of Justice Announces Indictment of Four Chinese Hackers for Equifax Breach
US Attorney General Bill Barr announced yesterday that four employees of China’s military have been charged with the 2017 Equifax breach. The defendants, who work for the 54th Research Institute of the Chinese People’s Liberation Army (PLA), were indicted for…
OurMine Continues Return to Activity With Attack on Facebook’s Twitter Account
OurMine: The self-proclaimed security group OurMine has struck again, this time targeting Facebook. The group compromised Facebook’s Twitter account this time instead of directly targeting Mark Zuckerberg as they did in 2016. As with their previous attacks, the group abused…
New Android Bluetooth Vulnerability Allows Silent Code Execution
Last November, the security company ERNW reported a critical vulnerability that affected Android’s implementation of Bluetooth. The vulnerability, dubbed “BlueFrag,” has been assigned CVE-2020-0022 and affects Android versions 8 and 9. Although Android 10 is technically affected, the exploit currently…
Sale of Corp.com Domain Could Pose Risk for Enterprises
Recently, the domain corp.com has gone up for sale for a price of $1.7 million USD. This domain would be particularly dangerous if a threat actor were to control it, due to the fact that many corporate domains have misconfigured…
Metamorfo Malware Returns to Target the Finance Industry
In April 2018, researchers first discovered the Metamorfo malware in various campaigns. The malware initially targeted Brazilian companies in the finance industry. Recently a new campaign to deliver the malware expanded its geographic range and added a keylogger function. The…
Android Malware Steals Data From Apps, Records Audio, Captures Screenshots
Threat actor groups have recently sent phishing email messages disguised as an invoice, targeting Android phone users with the malicious app known as Anubis. The phishing messages contain an attached Android Package Kit (APK) file. If the email message and…
Iranian APT 35 Group Posing as Journalist to Phish Victims
Iran: The Iranian-backed threat group known as APT35 or Charming Kitten has recently used phishing email messages claiming to be from a journalist to trick victims. The phishing campaign targets political figures and human rights activists, attempting to lure them into…
Emotet Evolves With Wi-Fi Spreader
While tracking Emotet activity, Binary Defense’s analysts found that Emotet dropped a Wi-Fi spreader that used brute-force password guessing, contained inside a self-extracting RAR file. Inside the RAR file were two files, worm.exe and service.exe, which were used to spread…
Members of Anonymous Hack UN Website to Support Taiwan
Anonymous: Members of the hacktivist collective Anonymous targeted a website belonging to the United Nations (UN). The specific page which was defaced was the UN’s Economic and Social Council web page. The group defaced the website with the Taiwanese flag,…
New “SaveTheQueen” Ransomware Found
New ransomware using the extension “.SaveTheQueen” was found in December by Twitter user @malwrhunterteam. To spread and track the infection, an attacker used the SYSVOL share on the domain controller by creating a scheduled task and creating log files for…
Australia’s Toll Group Hit With Ransomware Delaying Goods Shipments Globally
On Friday, the Australian logistics company Toll Group suffered a “cybersecurity incident” which has since been confirmed as ransomware. A spokesman stated that the company was the victim of a “targeted ransomware attack” and that a number of the company’s systems…
APT Gamaredon Improves Toolset
Gamaredon: A new report released by Sentinel Labs has illustrated how the well-known pro-Russian Advanced Persistent Threat (APT) Gamaredon has improved their toolkits in previous months to continue their campaigns. Attacks from the group have ramped up against Ukrainian national…
BitBucket Abused for Viruses
Researchers from Cybereason have discovered seven types of malware threats being hosted on the code hosting service Bitbucket. Cybercriminals use legitimate hosting services hoping to look less suspicious and infect more systems. They trick unsuspecting victims into downloading these viruses…
Lithuanian Employees Targeted by China’s Intelligence Services on LinkedIn
Lithuanian intelligence has reported that China has been reaching out to targets in Lithuania through LinkedIn. Typically, Chinese intelligence posing as fake Chinese companies will reach out to civil servants, information technology specialists, defense sector employees, scientists, and employees in…
Sodinokibi Operators Sponsor Hacking Competition
A Russian-speaking cybercriminal forum has recently announced a forum-wide competition with a $15k prize pool up for grabs sponsored by operators of the Sodinokibi ransomware. First place in the competition gets $5,000, with the prize decreasing by $1,000 for second…
Racine Computer Systems Taken Down by Ransomware
The City of Racine’s city website, email system, and online payment system were all knocked offline by ransomware early Friday morning. While the city’s Management Information Systems department worked Friday to determine the extent of the infection and began to…
Six Individuals Arrested in Connection With Bank of Valletta Breach
Late last week, Britain’s National Crime Agency (NCA) arrested six individuals in Belfast and London who are believed to be connected to laundering money stolen during a cyber-attack against the Bank of Valletta. Last February, hackers attempted to withdraw a…
Building Access Control Systems Actively Being Attacked
The Linear eMerge E3 building access system, created by Linear Solutions, has an unpatched vulnerability that was first announced in May 2019, identified as CVE-2019-7256. In November 2019, code that provided a proof-of-concept exploit was released publicly. Now, researchers from…
Three Law Firms Struck With Ransomware Within 24 Hours Over the Weekend
Brett Callow of Emsisoft says ransomware attacks have struck five law firms recently, including three just this past weekend. Two of the affected firms have already had their information, which includes that of their clients, posted online for anyone to…
TA505 Returns From Hiatus
TA505: Researchers from Microsoft have seen the threat group TA505 return from a short break of no activity. Since 2014, the financially motivated threat group has been notorious for spreading remote access trojans (RAT) to compromise retailers and large financial…
TrickBot Evolves With New RDP Scanner
Trickbot has evolved again with a new module, called rdpscanDll, which allows computers infected with Trickbot to scan other systems on the network for Remote Desktop Protocol (RDP) access. As there have been several critical RDP vulnerabilities released recently, this…
Winnti Group Targets Hong Kong Universities, Updates Backdoor
Winnti: Researchers at ESET discovered a new campaign by the Winnti Group in November that targeted two universities in Hong Kong. A few weeks after finding the Winnti malware, an updated version of their “ShadowPad” backdoor was also discovered. MITRE…
FBI and Binary Defense Warn of E-Skimming Threat to Online Retailers
CNBC reported on the threat to consumers and retailers from e-skimming attacks against online shopping websites. These attacks attempt to inject JavaScript into the checkout page of a retail website to steal consumers’ payment card details and personal information. Herb…
Electronic Warfare Associates (EWA) Infected by Ransomware
A government contractor known for their electronics work, EWA, became aware of a ransomware infection recently. The suspected attack took place last week and affected the company’s web servers. The company took the servers down soon after becoming aware of…
Recently Patched Vulnerabilities in Microsoft Azure Stack Could Have Allowed Server Takeovers
Two vulnerabilities in Azure Stack that could have resulted in attackers gaining control over cloud servers or accessing client data without authorization were responsibly reported to Microsoft and patched in October and November of 2019. Now, researchers at Check Point…
Israel Defended Against a “Very Serious Cyber-attack” on Power Infrastructure
According to Israel’s Energy Minister, Israel detected a “very serious cyber-attack” that it was able to defend against. The attack was combated a few months ago and represented one of the very few serious cyber-attacks the country…
Emotet Using Coronavirus Fears as a Lure
Emotet, the highly prolific and sophisticated botnet, has recently started using email templates posing as a Kyoto Coronavirus notification. The templates are used to send malicious email messages from infected computers to spread the botnet. The email messages contain malware…
“BIGBADABOOM” Sale on Joker’s Stash Likely Made Up of Cards from Wawa Breach
Late Monday evening, a new posting appeared on Joker’s Stash, which is believed to contain cards from the Wawa data breach. Joker’s Stash is a popular criminal market website for stolen payment card data, where card data is regularly dumped…
Magento Update Fixes Multiple Code Execution Vulnerabilities
Adobe released an update yesterday for all editions of Magento, fixing six different vulnerabilities. Out of the three vulnerabilities that were marked as critical, two of them had the possibility to lead to code execution. The group behind many of…
OurMine Returns to Provide More “Security Training”
OurMine: After over two years of being dormant, the Saudi threat actor group OurMine has made a return. This time, the group attacked the Twitter accounts for various NFL entities this week, leading up to the National Football League’s (NFL)…
Tax-Related Scams Increase as 2020 Tax Season Approaches
As tax season approaches, scammers have begun their rounds of tax-related scams in an attempt to steal information. Documented below are some of the more popular scams that have been seen in the past. The first one involves scammers posing…
Netflix Scammers
The email security firm MailGuard has intercepted an email that claims to be from the popular streaming service Netflix. This new email appears to be from Netflix and states that the user’s “billing information has been modified,” attempting to trick…
Zero-day in SolarWinds’ MSP n-Central Tool Allows Theft of Admin Credentials
Originally reported to SolarWinds on October 10th, this flaw, known as “Dumpster Diver,” allows attackers to gain domain administrator credentials, essentially granting them control over the entire system. Proof-of-concept code to exploit the vulnerability is available. While SolarWinds pushed out…
Indonesia Police Arrest Three Hackers Linked to Magecart Style Attacks
In an operation carried out by Indonesian National Police, dubbed Operation Night Fury, three men were arrested for participating in Magecart style attacks. Magecart attacks refer to a method of stealing payment card and customer information from online shopping websites…
Ryuk Stealer Updated to Target More Files
Twitter user @malwrhunterteam recently discovered an updated version of the “Ryuk Stealer” malware. Ryuk Stealer automatically searches for and steals files from infected computers. It is thought to be related to Ryuk ransomware because it shares some code similarities, but…
Maze Ransomware Operators Leak More Stolen Data
The Maze Ransomware operators have kept their promise to leak data after not collecting their ransom payments. Medical Diagnostics Laboratories (MDLab) was reported to be infected on December 2nd, 2019 and they have refused to pay the 200 Bitcoin ransom…
Vivin Cryptomining Malware Using Pirated Software to Infect Victim Computers
Cryptomining malware Vivin has been watched closely by researchers over the past few years. What they’ve noticed is that the malware has switched its tactics to be able to adapt to the ever-changing cryptocurrency market. The Monero cryptocurrency is its…
Threat Actors Using PupyRAT to Target European Energy Sector
Iran: Researchers from Recorded Future observed evidence of the Remote Access Trojan PupyRAT targeting the European energy sector. Although the researchers could not attribute the attack to a specific threat group, they noted that the Iran-backed threat group APT 33,…
Founder of DDoS Mitigation Company Admits to Paying Threat Actors to Carry Out DDoS Attacks
Tucker Preston, a co-founder of the Distributed Denial of Service (DDoS) mitigation company BackConnect, has admitted to funding DDoS attacks. The 22-year-old was in court last week where he pleaded guilty to one count of damaging a protected computer by…
TrickBot Starts the Year off With New Tricks
TrickBot, a well-known banking trojan, uses a series of modules to accomplish a wide variety of tasks. Some examples of modules are wormWinDll, which uses EternalBlue to spread through a network by exploiting unpatched Windows computers, and DomainDll which steals…
Sodinokibi Operators Threaten Another Victim
Sodinokibi has struck again, this time threatening to release stolen data from GEDIA Automotive Group. In previous threats, the group tried to use GDPR as a motivator for victims to pay the ransom. This latest post makes no such threat,…
Operation Glowing Symphony: Stopping Terrorism Recruitment and Propaganda
ISIS/United States: Recently declassified reports have been released outlining how the United States managed to carry out cyber-attacks, combatting the propaganda campaigns being used by ISIS in 2016. The documents were released in response to a Freedom of Information Act request. The…
sLoad 2.0 Malware
After details of the sLoad malware were exposed in a Microsoft report last month, the authors of the malware have released a new version this month, dubbed Starslord or sLoad 2.0. The new variant doesn’t change much but it does…
Customer Information Exposed After UPS Store Chain Suffered a Phishing Attack
A phishing effort targeting The UPS Store which took place between September 29th, 2019 and January 13th, 2020 exposed personal and financial information for a number of their customers. Through investigation after the discovery of the attack, it appears that…
Mitsubishi Electric Discloses Cyber-Attack
Mitsubishi Electric, which manufactures electronic goods ranging from household items to defense equipment, announced that they were the victims of a cyber-attack sometime last year. The intrusion came to light for the company last June when it detected unauthorized access…
FTCode Ransomware Updates, Now Steals Credentials
FTCode, a PowerShell-based ransomware originally found in 2013 by researchers at Sophos, has recently resurfaced with an update. Because this ransomware is entirely script-based, no other components are required, and no further downloads are made. This also makes it simple…
Popular Phishing Kit Store Adds PayPal and American Express
16Shop, currently tracked by the ZeroFOX Alpha Team, is a prolific phishing kit distribution network. Phishing kits are tools created and sold by cybercriminals which are used to fake the login pages of popular services, such as Amazon. When…
Microsoft Releases Warning of RCE Vulnerability in Internet Explorer
The team at Microsoft has released a security advisory that details a remote code execution vulnerability (RCE) in Internet Explorer. The bug exists in the way that the scripting engine in jscript.dll handles objects in memory in Internet Explorer. If…
JhoneRAT Targeting Middle East
Middle East: A new Remote Access Trojan (RAT) has been identified by researchers at Talos that is using malicious Word documents to target people in the Middle East who speak Arabic. The threat actor behind this campaign is using a…
Over 500,000 Server, Router and IoT Passwords Leaked
A cybercriminal has published a list of Telnet credentials on a popular hacking forum that contains more than 515,000 credentials for servers, home routers, and IoT smart devices. Telnet is an insecure remote access protocol that allows the administration of…
UN Warns Against Participating in North Korean Cryptocurrency Conference, Risk not Limited to Sanction Violations
North Korea: An expert on UN sanctions has warned that a report due to be submitted to the UN Security Council will be flagging the upcoming cryptocurrency conference in North Korea as a “likely sanctions violation.” This comes after independent…
WeLeakInfo Domain Seized
On Thursday, January 16th, 2020 the FBI and US Department of Justice announced that they had seized the internet domain name WeLeakInfo.com. The website served as a breach notification service, similar to HaveIBeenPwned, with one key difference. Unlike HaveIBeenPwned, WeLeakInfo…
Someone is Cleaning Up Infected NetScaler Devices, Leaving Possible Backdoor
Now that NetScaler exploits for CVE-2019-19781 have been public for a couple of weeks, actors have had a little more time to update their arsenals. One particular actor has caught the interest of researchers for their method of entry and…
PlanetDrugsDirect Security Breach
The Canadian online pharmacy PlanetDrugsDirect is notifying its customers of a data breach that impacted some personal and financial information. The company is a member of the Canadian International Pharmacy Association (CIPA) and has both Canadian and US customers. The…
AT&T Security Releases Analysis for Molerats and APT-C-37 Threat Groups
Molerats/APT-C-37: AT&T Security has found that many reports outlining events in 2019 identified Molerats and APT-C-37 as being behind a number of attacks, but because of similarity in their Tactics, Techniques, and Procedures (TTPs), researchers believe some attacks were attributed incorrectly.…
Critical iMessage Vulnerability Discovered by Google Researchers
The iMessage vulnerability addressed last year as CVE-2019-8641 and deemed critical with a CVSS score of 9.8 had technical details published by Google’s Project Zero team recently. iOS versions 12 or later are affected by the vulnerability that could allow…
Russian Campaign Against Burisma Highlights Risk to Companies With Political Ties
Russia: A recent investigation revealed that members of Russian intelligence appear to have heavily targeted the Ukrainian energy company Burisma. It appears that employees of Burisma were targeted with a “sophisticated network of fake websites.” The websites were all designed…
Remote Desktop Vulnerable to Remote Code Execution
Microsoft had a particularly important Patch Tuesday this week. Not only were flaws found in the CryptoAPI library, but arguably more severe flaws were found with the Remote Desktop Client and Gateway that allow for unauthenticated remote code execution. CVE-2020-0609…
Texas School District Phished for $2.3 Million
The Manor Independent School District in Texas revealed that an investigation has begun into a series of phishing emails sent to multiple employees that eventually resulted in a loss of $2.3 million USD. While multiple employees received emails requesting money…
China APT40 Using Front Companies to Hire Hackers
China (APT 40): Reports from two researchers calling themselves Intrusion Truth state that they have found evidence to link APT40 and other Chinese APT activity to job postings that are a front for companies to hire hackers. While looking through…
Microsoft Planning to Patch Critical Windows Security Flaw
KrebsOnSecurity has reported that Microsoft plans to kick off Patch Tuesday by delivering a fix for a substantial cryptographic flaw present in all versions of Windows. Krebs believes the flaw lies within the crypt32.dll file, and if unpatched it could…