Tag: Threat Watch – Binary Defense

Read the original article: Flagstar Bank Suffers Data Breach US-based bank and mortgage lender Flagstar bank has disclosed that they suffered a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January of this year.…

Read more →

Read the original article: Scammers Are Already Targeting the Next Round of Coronavirus Relief Checks During the COVID-19 pandemic, criminals have flagrantly exploited unemployment and relief payments for fraud. Now, the new American Relief Act is expected to be passed…

Read more →

Read the original article: New Ransomware Encrypts Files in Support of Indian Farmers Since last year, many farmers in India have been protesting in New Delhi in opposition to new bills passed in 2020, which remove some of the restrictions…

Read more →

Read the original article: Opportunistic Exploitation of Microsoft Exchange Vulnerabilities Growing Since the revelation of four recently discovered vulnerabilities and following out-of-band updates for Microsoft Exchange, proof of concept exploits are growing in number and many of them have been…

Read more →

Read the original article: Exchange 0-day attacks: Hundreds of Thousands of Exchange Servers Affected As originally reported by ZDNet and Brian Krebs, exploitation of the four Microsoft Exchange server vulnerabilities (CVE-2021-27065, CVE-2021-26855,CVE-2021-26857, CVE-2021-26858) have resulted in at least 30,000 compromised…

Read more →

Read the original article: Pulse Secure and SuperMicro Announce Trickboot Vulnerabilities SuperMicro and Pulse Secure have both issued advisories recently linking Trickboot to vulnerabilities discovered on certain products. TrickBoot is a new functionality within the TrickBot malware toolset capable of…

Read more →

Read the original article: Cybercrime Forum Breaches Are a Common Theme in 2021 Four cybercrime forums are reported to have been breached in 2021. Information about users of cybercrime forums Verified, Crdclub, Exploit, and Maza have all been exposed in…

Read more →

Read the original article: FTC Joins 38 States in Takedown of Massive Charity Robocall Operation The US Federal Trade Commission (FTC) shut down a major charity fraud scheme that reportedly received $110 million from victims. The scam utilized bots to…

Read more →

Read the original article: Details of Two New Ransomware Types Released Trend Micro researchers have released the details of two new strains of ransomware they are currently following. The first ransomware has been named AlumniLocker and was released in February.…

Read more →

Read the original article: Stolen SendGrid Accounts Used in Phishing Attacks A phishing campaign that targets users of Outlook Web Access and Office 365 services has collected thousands of credentials. The attackers behind the campaign used hacked SendGrid accounts to…

Read more →

Read the original article: BEC Scammers Take a New Approach to Large Payouts Business email compromise is one of the most common scamming techniques used today, and scammers always find new means to find a payday. Recently scammers have taken…

Read more →

Read the original article: DHS Warns of Recent Exchange Vulnerabilities The Department of Homeland Security (DHS) has issued Emergency Directive 21-02, warning of the recent vulnerabilities discovered in Microsoft’s Exchange server. According to the Cybersecurity & Infrastructure Security Agency (CISA),…

Read more →

Read the original article: Microsoft Announces New Effort To Stop Excel Macros Microsoft has announced the addition of Excel 4.0 XLM macro detection to its Antimalware Scan Interface (AMSI). As AMSI was previously only focused on Visual Basic for Applications…

Read more →

Read the original article: APT RedEcho Targets India’s Power Sector Security researchers at Recorded Future released an updated report detailing the China-linked threat group RedEcho and their active targeting of India’s Power Grid. Recorded Future noted similarities between the RedEcho…

Read more →

Read the original article: Gootloader Abusing SEO to Deliver Malware Sophos released a report yesterday detailing “Gootloader,” the JavaScript-based infection framework, and how it is currently abusing search engine optimization (SEO) to infect its victims. Gootloader is current targeting victims…

Read more →

Read the original article: ObliqueRAT Receives Steganographic Update ObliqueRAT, a Remote Access Trojan that was first discovered in early 2020, has received an update that now disguises the payload in image files on compromised websites, according to an article published…

Read more →

Read the original article: Working Spectre Exploit Found on VirusTotal On March 1, 2021, security researcher Julien Voisin documented his findings on two samples uploaded to VirusTotal that appear to exploit the hardware vulnerability CVE-2017-5753, also known as Spectre. In…

Read more →

Read the original article: Phishing Campaign Targets AOL Users An AOL-themed phishing scam is underway that is trying to steal users’ login names and passwords by warning recipients that their account is about to be closed. Most people use Gmail,…

Read more →

Read the original article: Stolen User Account Information From Three of Androids Largest VPNs For Sale A user on a popular hacking forum is advertising that they will sell the details of user accounts from three different VPN services offered…

Read more →

Read the original article: Gab Users Data Posted to DDoSecrets Website Recent reports reveal that users of the social media platform Gab have had their information leaked by the group DDoSecrets. The Gab platform allows content to be posted without…

Read more →

Read the original article: Fraud Overwhelms Pandemic-Related Unemployment Programs States are scrambling to update security systems as another round of unemployment aid is on the horizon. Identity theft and unemployment fraud has risen to record highs, and often times the…

Read more →

Read the original article: Threat Groups Are Partnering to Fill Gaps With the number of attacks rising throughout 2020 and 2021 researchers have noted another trend. “Malware as a Service” and partnerships to strengthen the chances of successful operations. As…

Read more →

Read the original article: Oxford University Covid-19 Research Lab Targeted by Hackers ZDNet reported that the Oxford University’s Division of Structural Biology lab (aka “Strubi”) in the UK has confirmed that a security incident had occurred. Previously, a Forbes report…

Read more →

Read the original article: Proof-of-Concept for vCenter Vulnerability Released Shortly after VMware released a security advisory for CVE-2021-21972, proof-of-concept (PoC) code appeared online for exploiting vCenter. This vulnerability was originally found and reported to VMWare by Mikhail Klyuchnikov of Positive…

Read more →

Read the original article: Ukraine Reports Cyber Attack on Government Document Management System Ukrainian officials are reporting that Russian hackers compromised a government file sharing system. The Russian hackers uploaded malicious documents to the file sharing system in an attempt…

Read more →

Read the original article: Michigan Healthcare Facility Breached Covenant Healthcare based in Saginaw, Michigan has disclosed a breach that could possibly affect around 45,000 patients. After partnering with third party security providers, the Covenant team revealed two compromised employee email…

Read more →

Read the original article: Ransomware Gang Extorts Bombardier With Data Stolen from Accellion FTA Business jet manufacturer Bombardier is the latest company to be extorted by the Cl0p ransomware gang after they exploited a zero-day vulnerability in Accellion FTA to…

Read more →

Read the original article: Cisco Fixes Maximum Severity Authentication Bypass Vulnerability Cisco has addressed a maximum severity vulnerability in the API endpoint of their Cisco ACI Multi-Site Orchestrator (MSO). The flaw would allow a remote attacker to bypass authentication on…

Read more →

Read the original article: LazyScripter Threat Group Targets Airlines with Open Source RATs Originally reported by BleepingComputer, security researchers at Malwarebytes have identified a threat group targeting prospective Canadian immigrants, airlines, and the International Air Transport Association, since 2018. Nicknamed…

Read more →

Read the original article: Researchers Identify a New Malware Builder: APOMacroSploit A new macro tool has been observed creating weaponized Excel documents targeting over 80 organizations worldwide. APOMacroSploit creates highly obfuscated Excel documents capable of bypassing Gmail, Windows Antimalware Scan…

Read more →

Read the original article: VMware Fixes Unauthenticated Remote Code Execution in vCenter VMware issued a security advisory on February 23rd for multiple vulnerabilities, including CVE-2021-21972, an unauthenticated remote code execution (RCE) vulnerability in VMware vCenter. The flaw was found by…

Read more →

Read the original article: Scammers Threaten Texas Power Customers As with any disaster, scammers will use any tragedy they can to trick people into giving them their money. Austin Energy has released warnings that scammers are calling Texas customers and…

Read more →

Read the original article: Accellion FTA Exploited for Data Theft and Extortion Attempts According to researchers from FireEye, a threat actor tracked by Mandiant as UNC2546 exploited multiple zero-days in Accellion’s legacy File Transfer Appliance (FTA). The goal of the…

Read more →

Read the original article: Researcher Reveals DDoS Amplification Attack Vector in Powerhouse Management VPN Independent researcher Phenomite has discovered a new attack vector that takes advantage of a flaw in Powerhouse Management VPN servers. The vector would allow for an…

Read more →

Read the original article: Local, State and Federal Prosecutors Launch Georgia Cyber Fraud Task Force Prosecutors and law enforcement in Georgia are working together to combat Business Email Compromise (BEC) fraud schemes.  The U.S. Attorney’s Office for the Northern District…

Read more →

Read the original article: Google Alerts Service Is Being Abused to Spread Fake Flash Updates Google Alerts is a service where users can monitor the web for keywords or phrases and be notified by email of new content. BleepingComputer has…

Read more →

Read the original article: Python Receives an Update Amid RCE Release On February 19th, the Python Software Foundation released Python 3.9.2, and 3.8.8 in order to address two security flaws, one of which can be exploited remotely. The release was…

Read more →

Read the original article: macOS Malware “Silver Sparrow” is Compatible With The New M1 Chip Although malware targeting Apple computers running macOS are less common than malware targeting Microsoft Windows, the threat is just as serious and potentially damaging, exposing…

Read more →

Read the original article: FBI Warns of Telephony DDoS Attacks Recently the FBI released a warning in cooperation with the Internet Crime Complaint Center (IC3.gov) that documented the risks behind Telephony DDoS attacks. These types of attacks are essentially used…

Read more →

Read the original article: Multiple Cities Disclose Data Breach After Vendor’s Ransomware Attack A ransomware attack against a widely used payment processor has forced data breach notifications from several cities in California and Washington. Automatic Funds Transfer Services (AFTS) is…

Read more →

Read the original article: RIPE NCC targeted With Credential Stuffing Attack RIPE NCC, a not-for-profit regional Internet Registry for Europe, the Middle East, and parts of Central Asia, has disclosed that they were the victim of a credential stuffing attack.…

Read more →

Read the original article: Jamaica’s Immigration Website Exposed Thousands of Travelers’ Data Jamaican government contracted Amber Group to develop a website and app used to publish COVID-19 data and let residents self-report symptoms. The JamCovid19 website and app also acted…

Read more →

Read the original article: Micro-patch Released for Internet Explorer Zero Day The team at Enki have discovered a vulnerability in Internet Explorer that has been used in campaigns targeting security researchers. The vulnerability has been exploited to use the browser’s…

Read more →

Read the original article: Russian Military Intelligence Agency Targeting Outdated Versions of Centreon Software As an update to the previous report by the French Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) regarding several French hosting providers being attacked…

Read more →

Read the original article: Ninja Forms WordPress Plugin Left One Million Sites Vulnerable Ninja Forms is a popular WordPress plugin for easily creating forms through its drag and drop designer without the need for coding anything by hand. With more…

Read more →

Read the original article: US Indicts DPRK Hackers for $1.3billion Theft On February 17th, the US Department of Justice announced criminal charges against three North Korean (DPRK) government-backed hackers for thefts of cryptocurrency and funds from banks totaling around $1.3…

Read more →

Read the original article: Shared SDK Vulnerability Allows Attackers to Infiltrate Calls on Multiple Applications In a report released by researchers at McAfee, a new bug tracked as CVE-2020-25605 can allow attackers to join audio and video calls without being…

Read more →

Read the original article: QNAP Patches Critical Vulnerability in Surveillance Station App QNAP has addressed a critical security vulnerability in their Surveillance Station app that, if exploited, would allow an unauthorized user to execute malicious code remotely on a network-attached-storage…

Read more →

Read the original article: CityBee Users Information Sold on Hacking Forum Eastern European ridesharing service CityBee had a large amount of customer information posted for sale on a hacking forum recently. Nearly 110,000 records were posted between February 15th and…

Read more →

Read the original article: ScamClub Malvertising Leveraged Zero-Day Vulnerability in Browsers Originally reported by BleepingComputer, the malvertising group ScamClub leveraged a zero-day vulnerability in the WebKit browser engine in order to distribute payloads that redirected to gift card scams through…

Read more →

Read the original article: ANSSI Links Attacks Against French Hosting Providers to Russian Military Intelligence Agency The Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) has linked breaches against multiple French IT firms to the Sandworm hacking group, which…

Read more →

Read the original article: NPM Package Repository Seeing Flood of Supply Chain Attack Attempts After recent reports of security researcher Alex Birsan compromising large companies like Microsoft, Apple, Paypal and Netflix through the NPM package repository, Sonatype has spotted over…

Read more →

Read the original article: VMware Patches Command Injection Vulnerability in vSphere Replication VMWare issued an advisory on February 11th warning customers that vSphere Replication “contains a post-authentication command injection vulnerability in the Startup Configuration page.” A threat actor with administrative…

Read more →

Read the original article: French Hospital Hit with Egregor Ransomware On February 8th, the Center Hospitalier de Dax-Côte d’Argent in France suffered a ransomware attack that locked hospital staff out of computers and phones, and forced the COVID-19 vaccination clinic…

Read more →

Read the original article: Egregor Ransomware Members Arrested by Ukrainian, French Police It has been reported that Ukrainian law enforcement officers have arrested several affiliate members of the Egregor ransomware gang. The operation was carried out with the assistance of…

Read more →

Read the original article: Canadian Rental Car Company Targeted by DarkSide Ransomware Canadian Discount Car and Truck Rentals has been targeted by the threat actors behind the DarkSide ransomware gang. The hackers claim to have stolen 120GB of data from…

Read more →

Read the original article: Scammers Target U.S. Tax Professionals The Internal Revenue Service (IRS) has issued a warning that identity thieves are actively targeting U.S. tax preparation professionals in a series of phishing scams that attempt to steal Electronic Filing…

Read more →

Read the original article: Responsive Menu WordPress Plugin Patches File Upload, Remote Code Execution Flaws In December 2020, researchers for WordFence disclosed three security vulnerabilities to the authors of the Responsive Menu WordPress plugin. After nearly a month and an…

Read more →

Read the original article: Brazil’s National Data Protection Authority Investigates Two Large Data Leaks Brazil’s National Data Protection Authority (ANPD) reports that it is “taking all the appropriate measures” to investigate the exposure of over 200 million citizens’ personal information,…

Read more →

Read the original article: Avaddon Patches Flaw Allowing Free Decryption After a free decryptor for Avaddon ransomware was published by a Ph.D. student at Rey Juan Carlos University, the malware developers have announced they have found the flaw in the…

Read more →

Read the original article: Increase in Number of Web Shell Attacks According to research published by Microsoft’s Detection and Response Team, the number of attacks that planted web shells is up to an average of 140,000 incidents per month between…

Read more →

Read the original article: PayPal Patches XSS Vulnerability Nearly One Year After Discovery PayPal has announced that they’ve patched a bug that was previously reported to them on February 19th, 2020 by “Cr33pb0y.” Discussions were held confidentially between the bug…

Read more →

Read the original article: FBI Warns of Valentine’s Day Romance Scammers The FBI issued a warning as they predict a spike in romance scams due to the upcoming Valentine’s Day this weekend. The FBI’s internet crime complaint center (IC3) reported…

Read more →

Read the original article: FBI Warns of TeamViewer and Windows 7 Usage Following the Oldsmar, Florida attack where an attacker gained remote access to a water treatment plant computer and modified one of the chemical additives to dangerous levels, the…

Read more →

Read the original article: KeepChange Bitcoin Exchange Breached A cryptocurrency exchange that was created last year, KeepChange, stated in a blog post they identified unauthorized activity on their platform. The company said that attackers attempted to withdraw various amounts of…

Read more →

Read the original article: macOS Sudo Vulnerability Update As an update to a previous story, Apple has released updates to patch the vulnerability found in Sudo, disclosed by Quays on January 15th, 2021. It was quickly discovered that this vulnerability…

Read more →

Read the original article: Patch Tuesday Addresses 56 Security Issues On Tuesday February 9th, Microsoft released another round of security updates. These patches address vulnerabilities across multiple products, with 11 rating as critical and one zero day that was being…

Read more →

Read the original article: Matryosh Botnet Spreading Through Android Devices Security researchers at the China-based Netlab 360 security firm have discovered a new botnet re-using the Mirai botnet framework. Dubbed Matryosh, the botnet has its own unique characteristics and spreads…

Read more →

Read the original article: UK National Crime Agency Arrests SIM-Card Swappers As originally reported by ZDNet, the UK National Crime Agency has arrested eight men as part of a coordinated crackdown against a SIM swapping gang targeting US celebrities.  By…

Read more →

Read the original article: Hackers Breach Water Treatment Facility, Change Controls to Dangerous Settings An unknown threat actor remotely took control of a critical control system at the water treatment facility in Oldsmar, Florida on February 6th. The facility operator…

Read more →

Read the original article: UPMC Patient Data Exposed After Breach of Local Law Firm Pittsburgh area law firm Charles J. Hilton & Associates P.C. (CJH) recently suffered a breach that exposed over 36,000 University of Pittsburgh Medical Center (UPMC) patient…

Read more →

Read the original article: CD PROJEKT RED RANSOMWARE ATTACK CD PROJEKT RED, the video game developer behind Cyberpunk 2077 and the Witcher trilogy, announced that it has been a victim of a ransomware attack that affected its network. The Polish…

Read more →

Read the original article: Ukrainian Police Arrest Author of U-Amin, World’s Largest Phishing Service The Ukrainian Cyber-police, in coordination with the FBI and Australian law enforcement, conducted in an operation ending with the arrest of the author of the world’s…

Read more →

Read the original article: Hackers Breach Water Facility An unknown threat actor remotely took control of the water treatment facility in Oldsmar, Florida on February 6th. The facility operator noticed the attacker take control of the mouse on the computer…

Read more →

Read the original article: Large Increase in RDP Attacks In their recently released Q4 2020 report, ESET reports seeing a 768% growth in the amount of Remote Desktop Protocol (RDP) attacks. As more employees than ever worked remotely, resources needed…

Read more →

Read the original article: Highly Used Android Application Hijacked To Distribute Ads ZDNet reported that the popular Barcode Scanner app for Android was recently updated with malicious code to display ads on Android devices. This app had over 10 million…

Read more →

Read the original article: Threat Actor Uses Morse Code to Hide Malicious JavaScript from Email Threat Scanners On February 6th, a Reddit user on the r/sysadmin subreddit posted a link to a malicious HTML file sent in a recent phishing…

Read more →

Read the original article: The National Cyber Investigative Joint Task Force Releases Ransomware Fact Sheet The National Cyber Investigative Joint Task Force (NCIJTF) was officially established in 2008 and comprises over 30 agencies from law enforcement, the intelligence community and…

Read more →

Read the original article: Chrome Zero-Day Exploited in the Wild Google is releasing a patch for a high severity zero-day vulnerability in Chrome that is being exploited in the wild by attackers. The vulnerability, tracked as CVE-2021-21148, is a heap…

Read more →

Read the original article: Plex Media Servers Abused for DDoS Attacks Plex Media Server systems are actively being abused to amplify Distributed Denial-of-Service (DDoS) attacks as part of DDoS-for-hire services available to criminals. Plex Media Server is a streaming system…

Read more →

Read the original article: Spotify Suffers Second Credential Stuffing Attack Since November Spotify was hit yet again with another credential stuffing attack; this is the second attack the music streaming giant has suffered since November. Taking advantage of reused passwords…

Read more →

Read the original article: SonicWall Patches Actively Exploited Secure Mobile Appliance (SMA) Vulnerability On January 22nd, SonicWall disclosed that a previously undiscovered vulnerability was exploited to attack their Secure Mobile Appliances internally. Soon after that, NCC Group discovered another previously…

Read more →

Read the original article: NCSC Shares a Cautionary Ransomware Tale In a post about the rise of ransomware, the United Kingdom’s National Cyber Security Centre (NCSC) has shared a cautionary tale about an unnamed company being hit with the same…

Read more →

Read the original article: Stormshield Announces Breach, Theft of Source Code As originally reported by ZDNet, French cyber-security firm Stormshield announced that a threat actor gained access to one of its customer support portals. Stormshield provides security services and devices…

Read more →

Read the original article: DriveSure Client Data Exposed on RaidForums Researchers recently discovered a database that included client data of DriveSure clients posted on RaidForums by a frequent poster named “pompompurin”. The data was posted on December 19th and was…

Read more →

Read the original article: Sudo Bug Impacts macOS A security researcher discovered a security flaw in the Sudo app that impacts the latest macOS operating systems and other operating systems. Sudo allows a system administrator to give certain users (or…

Read more →

Read the original article: ValidCC Dark Web Credit Card Marketplace Shuts Down ValidCC, a Dark Web market for selling stolen credit cards, was operated by a cybercrime group for the last six years. Last week it unexpectedly shut down. It…

Read more →

Read the original article: Secondary E-Skimmer Siphons Stolen Data From Original Attacker Malwarebytes researchers outlined a new Magecart attack that has been affecting the retailer Costway. Magecart is an umbrella term used to describe several groups of thieves that are…

Read more →

Read the original article: Kobalos Backdoor Steals SSH Credentials Researchers at ESET have discovered a targeted backdoor for Linux and UNIX systems they are calling Kobalos. Though not widespread, the actors behind the malware are infecting targets with high-performance computers…

Read more →

Read the original article: Agent Tesla Receives AMSI Targeting Update ZDNet reports that researchers at Sophos have discovered two new variants of AgentTesla, a remote access trojan, which include new features for the malware to evade detection by tampering with…

Read more →

Read the original article: Breach Exposes 1.6 Million Washington Unemployment Claims The Office of the Washington State Auditor’s (SAO) announced that one of its service providers, Accellion, had suffered a data breach in December 2020. Accellion did not notify SAO…

Read more →

Read the original article: Top Google Search Result for Home Depot is a Malicious Ad Bleeping Computer has received reports recently about a malicious Home Depot ad on Google search results sending users to tech support scams. While scams are…

Read more →

Read the original article: NightScout Supply-Chain Attack Targets Gamers Researchers at ESET discovered a supply-chain attack, dubbed NightScout, that was delivering malware using updates to the Android Gaming Emulator, NoxPlayer, made by the Hong Kong based company BigNox. At least…

Read more →

Read the original article: Trickbot Trojan Back From the Dead in New Campaign In October of last year, Microsoft used a court order to disrupt the prolific ransomware distributor Trickbot. The botnet survived and now threat researchers are monitoring a…

Read more →

Read the original article: SonicWall Zero-Day Exploited in the Wild The NCC Group, a UK-based cybersecurity firm, stated that over the weekend they detected active exploitation of a zero-day vulnerability in SonicWall networking devices. SonicWall is a cybersecurity provider that…

Read more →

Read the original article: Security Researchers Likely Targeted With Multiple Attack Methods In a new report, Microsoft disclosed that they have been tracking multiple DPRK tactics in their targeting of offensive security professionals. On Tuesday, when this news was first…

Read more →

Read the original article: Volatile Cedar Compromising Telcos and Internet Service Providers Volatile Cedar is an APT group identified as far back as 2012, falling silent around 2015. A new report by ClearSky (referring to the group as Lebanese Cedar)…

Read more →

Read the original article: Trickbot Returns With Fresh Phishing Originally reported by ZDNet, researchers at Menlo have uncovered a new Trickbot campaign targeting legal and insurance companies in North America, with emails encouraging victims to click on a link to…

Read more →

Read the original article: Department of Justice Launches Global Action Against NetWalker Ransomware An investigation led by the FBI’s Tampa field office culminated in a NetWalker ransomware affiliate indictment, the NetWalker leak site on the Darknet being disabled, and nearly…

Read more →

Read the original article: Apple Addresses Three iOS Zero-Day Flaws In a new update from Apple for iOS, the operating system used for iPhone and iPad, the company addresses three zero-day flaws that have been exploited by attackers. The first…

Read more →