Tag: Threat Watch – Binary Defense

Read the original article: Pan-Asian Retail Group “Dairy Farm” Attacked by REvil Dairy Farm, a group that operates many retail chain stores across Asia, has been attacked by threat actors of the REvil ransomware gang. Information shared with reporters at…

Read more →

Read the original article: Accellion Flaw Affects the Australian Securities and Investments Commission (ASIC) The Australian Securities and Investments Commission (ASIC) have become the most recent organization to announce they’ve suffered a data breach due to an unpatched SQL injection…

Read more →

Read the original article: Emotet Botnet Dismantled Following International Police Operation In an operation dubbed Operation Ladybird (a hat tip to the Emotet tracking group Cryptolaemus), the prolific and dangerous Emotet botnet has been dismantled. This operation saw cooperation between…

Read more →

Read the original article: Nefilim Actors Use Active Directory Account for a Month Before Deploying Ransomware The actors behind the Nefilim (also known as Nemty) ransomware are making headlines for a recent intrusion in which the group took advantage of…

Read more →

Read the original article: 10 Year Old Heap Buffer-Overflow Vulnerability Discovered in Sudo In a recent disclosure, Quays provides technical details about a heap buffer-overflow vulnerability in the “sudo” utility that Unix and Linux system administrators use to perform administrative…

Read more →

Read the original article: North Korean Threat Actors Target Security Researchers Google’s threat analysis team released an article that outlined an attack campaign being used by North Korean state-sponsored threat actors targeting security researchers. The threat actors would use social…

Read more →

Read the original article: Targeted Phishing Attacks Strike High Ranking Company Executives A new phishing campaign first seen in May of 2020 targets high level executives in multiple private sector industries including manufacturing, real estate, finance, and government. The fake…

Read more →

Read the original article: Over 66,000 VIPGames Members’ Information Exposed Through Misconfigured Cloud Server A research team at WizCase found an open Elastisearch server that had no encryption or password protection. The server was traced back to a website, VIPgames.com,…

Read more →

Read the original article: UK Residents Targeted in COVID-19 Phishing Scam Pretending to be NHS Recent reports reveal a new COVID-19 related phishing scam targeting vaccine eligible people in the UK. Emails claim to be from the NHS and falsely…

Read more →

Read the original article: Avaddon Ransomware Now Utilizing DDoS Attacks to Force Ransom Payment More ransomware gangs are attempting to use Distributed Denial of Service (DDoS) attacks against victims to bring down web services on top of encrypting files and…

Read more →

Read the original article: Drupal Addresses PEAR Archive_Tar Vulnerability Drupal released a security advisory on January 20th to address a critical vulnerability within a third-party library. This library comes from PHP’s PEAR, which describes itself as “a framework and distribution…

Read more →

Read the original article: DreamBus Botnet Runs Like a Nightmare ZDNet reports that the botnet previously tracked as SystemdMiner has received an update and a name change. The newly tracked DreamBus botnet received substantial updates from the initial SystemdMiner botnet.…

Read more →

Read the original article: Windows RDP Servers Being Used to Amplify DDoS Attacks A report released by Netscout on Tuesday, January 19th outlined how threat actors are using Remote Desktop Protocol (RDP) servers to amplify their Distributed Denial of Service…

Read more →

Read the original article: MyFreeCams Account Database Being Sold An SQL injection attack has led to a database filled with customer information for the site MyFreeCams being sold on a criminal forum. MyFreeCams is an adult video streaming and chat…

Read more →

Read the original article: Truck Drivers and Rail Workers Medical Records Leaked Data belonging to employees of the United Parcel Service (UPS) and Norfolk Southern Railroad was published on the dark web after a cyber-attack on Taylor Made Diagnostics (TMD).…

Read more →

Read the original article: QNAP Warns Users of Dovecat Malware QNAP is a popular manufacturer of Network Attached Storage (NAS) devices that provides storage solutions for personal home users as well as enterprise solutions. The company is now urging customers…

Read more →

Read the original article: Sophos Links MrbMiner Botnet to Iranian Software Firm Originally reported by ZDNet, Sophos has recently published a report identifying the threat group behind the MrbMiner cryptomining botnet. After identifying the underlying infrastructure that makes up MrbMiner,…

Read more →

Read the original article: Cisco Releases Patch for SD-WAN, Cloud License Manager Products Recent updates to Cisco’s SD-WAN and Cloud License Manager products have been released to address remotely exploitable buffer overflow and command injection vulnerabilities. The following SD-WAN products…

Read more →

Read the original article: Vendors Respond to DNSpooq In response to the recently disclosed Dnsmasq vulnerabilities, Bleeping Computer has provided a list of vendors and their response to the disclosure. The maintainer of Dnsmasq has also written on the subject…

Read more →

Read the original article: Chinese Threat Actor Targeting Airline Industry A Chinese threat actor being tracked under the name Chimera has been targeting the airline industry to steal passenger travel records since early 2020, according to researchers at the NCC…

Read more →

Read the original article: Attacker Posts Pixlr User Records Online Pixlr is a very popular free online photo editing software that has many of the same features as found in professional editors like Photoshop. The site is free to use…

Read more →

Read the original article: Interpol Warns of Romance Scam Artists Using Dating Apps to Promote Fake Investments A new scam on mobile dating apps, like many other scams seen over the last year, is taking advantage of the Covid-19 pandemic.…

Read more →

Read the original article: Precision Spinal in Texas Reveals Data Breach Texas-based spinal clinic, Precision Spinal Care, has announced one of the first healthcare data breaches of 2021. The breach was noticed after a threat actor was able to access…

Read more →

Read the original article: FireEye Releases Network Auditing Tool For Techniques Used by Solarwinds Hackers FireEye has released a report and PowerShell tool for auditing networks for evidence of attacker techniques that have been observed through investigations after Solarwinds hacks. …

Read more →

Read the original article: New DNS Cache Poisoning Vulnerability found in Dnsmasq Researchers at JSOF have disclosed seven vulnerabilities concerning the widely used DNS forwarding client Dnsmasq. The vulnerabilities are split into two classes, DNS cache poisoning and buffer overflows…

Read more →

Read the original article: New FreakOut Campaign Using Old IRC Botnet to Mine Cryptocurrency Check Point Research has recently discovered a campaign they are calling “FreakOut” that targets unpatched vulnerabilities in Linux servers. The campaign currently makes use of three…

Read more →

Read the original article: Conti Ransomware Strikes the Scottish Environment Protection Agency (SEPA) A ransomware attack that occurred on Christmas Eve struck the Scottish Environment Protection Agency (SEPA). The agency revealed that its contact center, internal systems, processes and internal…

Read more →

Read the original article: FBI Warns of Corporate Vishing Attacks The Federal Bureau of Investigation (FBI) has issued a notification warning of continued vishing attacks against cooperate accounts and network access credentials. Vishing (also known as voice phishing) is a…

Read more →

Read the original article: New Coalition Aims to Combat Growing Wave of Ransomware Attacks Ransomware attacks surged in 2020, and criminal groups primarily targeted schools, hospitals, and governments. Now, a California based nonprofit is creating a ransomware task force to…

Read more →

Read the original article: Notorious Carding Website Joker’s Stash Shuts Down On January 15th, the website called Joker’s Stash, known by many cyber criminals for selling stolen credit and debit card details, announced that they will be shutting down. Over…

Read more →

Read the original article: NSA Advises Companies to Avoid Third-Party DNS Resolvers The NSA recommends that organizations not rely on third-party DNS resolvers to provide encrypted DNS over HTTPS (DoH) services. This recommendation encourages organizations to implement DoH on internal…

Read more →

Read the original article: Apache Velocity XSS Vulnerability Affects Gov Sites BleepingComputer reported that an undisclosed but currently patched cross-site scripting vulnerability in the open source Apache Velocity Tools codebase has been documented by Jackson Henry of the Sakura Samurai…

Read more →

Read the original article: Microsoft Patch Tuesday Addresses Multiple Office Vulnerabilities January’s Patch Tuesday contains several security updates, including fixes for five remote code execution (RCE) vulnerabilities in Microsoft’s various Office products. Microsoft has rated the severity of these vulnerabilities…

Read more →

Read the original article: Vaccine Information Leaked After Attack of European Medicines Agency (EMA) Investigations into the attack on the European Medicines Agency (EMA) that occurred in December are still ongoing. It has now been revealed that the information accessed…

Read more →

Read the original article: Phishing Warning: Popular Brands Most Likely to Be Impersonated By Crooks More people are working from home now than ever before, often times with less security. Chat services and email have become the primary means for…

Read more →

Read the original article: Classiscam Operation Made More Than $6.5 Million in 2020 A newly uncovered Russian-based cybercrime operation has been helping classified ad scammers steal more than $6.5 million from victims across the US, Europe, and the former Soviet…

Read more →

Read the original article: New Leak Site Claims to Sell Data Stolen in SolarWinds Attacks A new website called SolarLeaks appeared on January 12th, claiming without proof to have data that was stolen in the SolarWinds attacks. Among the companies…

Read more →

Read the original article: Microsoft Defender Zero-Day Mitigation in 2021 Patch Tuesday In this most recent Patch Tuesday, Microsoft included mitigation for a current Proof-of-Concept (POC) exploit for Windows Defender, CVE-2021-1647. This vulnerability allows for remote code execution from a…

Read more →

Read the original article: Google Discloses Hacking Campaign with Windows, Android Targets Recently, as first reported by Bleeping Computer, Google’s Project Zero identified and revealed a hacking campaign used by a “highly sophisticated actor” which targeted Windows and Android users…

Read more →

Read the original article: OmniTRAX Affected by Conti Ransomware Conti ransomware has struck again, this time affecting OmniTRAX, the Denver-based short line rail operator and logistics provider owned by the Broe Group. Shortly before Christmas is when the attack was…

Read more →

Read the original article: Android Malware Claims to Give Hackers Full Control of Smartphones A new Android Remote Administration Trojan (RAT) named Rogue is for sale on underground forums for as little as $29.99. The RAT is a combination of…

Read more →

Read the original article: New Phishing Campaigns and Cyber Attacks Target Columbia Researchers at ESET have revealed a new campaign which has been dubbed Operation Spalax, which is targeting government and private entities in Columbia. The campaign’s main focus is…

Read more →

Read the original article: Ubiquiti Network Device Manufacturer Potential Data Breach Networking device manufacturer Ubiquiti has started emailing clients to warn them of a security incident that may have exposed customer data. Ubiquiti is a popular device manufacturer and is…

Read more →

Read the original article: Zero-day Privilege Escalation Vulnerability Has Affected PsExec for 14 Years PsExec has been vulnerable to a local privilege escalation for the last 14 years, according to security researcher David Wells. The vulnerability lies within the PSEXESVC…

Read more →

Read the original article: United Nations Breach Exposed 100K+ UNEP Staff Records Researchers from the research group “Sakura Samurai” have disclosed their findings regarding a vulnerability that let them access the private data of 100,000+ United Nations Environment Programme (UNEP)…

Read more →

Read the original article: A Crypto-Mining Docker Botnet Now Stealing AWS Credentials Analysts with Trend Micro have reported an update to a botnet that now collects Docker and Amazon Web Services (AWS) credentials after deploying an XMR crypto miner. Trend…

Read more →

Read the original article: NVIDIA Fixes High Severity Vulnerabilities NVIDIA has released security patches for high severity flaws that were found in their Windows and Linux GPU display drivers along with others that affect the NVIDIA Virtual GPU management software.…

Read more →

Read the original article: FBI Alert Warns Private Organizations Of Egregor Ransomware Attacks Yesterday, the FBI issued a Private Industry Notification (PIN) to alert private sector companies that Egregor ransomware is targeting and extorting the business sector. The PIN stated…

Read more →

Read the original article: Aurora Cannabis Files Being Sold by Attacker Aurora Cannabis is a Canadian cannabis producer listed on both the Toronto Stock Exchange and the New York Stock Exchange and operates several cannabis-related medical and consumer brands, such…

Read more →

Read the original article: Medical Equipment Packaging Company Hacker Sentenced Christopher Dobbins, a former vice president at a Georgia-based medical equipment packaging company, was sentenced to a year in prison yesterday for computer intrusion charges. During the COVID-19 pandemic, the…

Read more →

Read the original article: Zyxel Backdoor Account Being Abused by SSH Scanners The recently discovered backdoor account on Zyxel network appliances is now being used in the wild according to GreyNoise. Andrew Morris, CEO of GreyNoise told BleepingComputer that it…

Read more →

Read the original article: Nissan Source Code Leaked After Source Control Misconfiguration Discovered Swiss researchers who had previously discovered exposed source code owned by Mercedes-Benz announced that they had received a tip to exposed source code belonging to automobile maker…

Read more →

Read the original article: First New Enterprise Ransomware of 2021 Arrives As the pandemic continues, so do scams related to it attempting to trick vulnerable citizens with offers that promise relief, but only deliver harm. Recently with the vaccines beginning…

Read more →

Read the original article: New Phishing Campaign Delivering QRAT Researchers at Trustwave security have released the details of a new phishing campaign that is designed to infect victims with the Quaverse Remote Access Trojan (QRAT). The initial email uses a…

Read more →

Read the original article: Citrix Adds NetScaler ADC Setting to Block Recent DDoS Attacks After confirming an issue with their DTLS, a TLS protocol for UDP, Citrix has added settings to enable administrators to protect against the recent Distributed Denial…

Read more →

Read the original article: Data from 10,000 American Express Cardholders Shared for Free on Criminal Forum On January 3rd, 2020, a member of an online forum that caters to cybercrime posted an unusual message offering a spreadsheet containing details of…

Read more →

Read the original article: Backdoor Account Discovered in Zyxel Networking Devices Security researchers from Dutch security company Eye Control have discovered a backdoor account in the firmware for multiple Zyxel enterprise networking devices. Affected products include: Advanced Threat Protection (ATP)…

Read more →

Read the original article: Adobe Flash Player Dies 01/01/2021 The Adobe Flash Player will reach its end-of-life on January 1st, 2021 after 18 years of being a security risk. Over its life, attackers have abused its vulnerabilities to create multiple…

Read more →

Read the original article: Bill & Melinda Gates Charity “GetSchooled” Exposed Student Data GetSchooled, a charity funded and operated by the Bill and Melinda Gates Foundation that provides educational resources to younger students, was breached. The charity was informed  by…

Read more →

Read the original article: T-Mobile Data Breach Exposes Customer Information Starting on December 30, 2020, T-Mobile began notifying their customers via text message that a data breach exposed customers’ phone numbers and call records. The breach affected approximately 200,000 of…

Read more →

Read the original article: Treasury Asks Financial Sector to Watch Out for COVID Vaccine Scams, Ransomware On Monday, December 28th, the United States Treasury’s Financial Crime Enforcement Network (FinCEN), sent a notice asking the financial sector to watch for and…

Read more →

Read the original article: Pranksters Hijack Smart Devices to Live-Stream Swatting Incidents The FBI has released a statement regarding pranksters taking over Internet-connected home security video devices in order to live-stream swatting incidents. Swatting is the practice of falsely reporting…

Read more →

Read the original article: The Endgame for SolarWinds Attack Was Victim Cloud Data In a recent blog post, Microsoft revealed that the end goal for the attackers associated with the SolarWinds breach was obtaining access to client cloud data. The…

Read more →

Read the original article: Whirlpool Hit with Nefilm Ransomware Attack Whirlpool, one of the largest home appliances manufacturers, suffered a ransomware attack by the Nefilm ransomware gang that stole data before encrypting their devices. Over the weekend, the Nefilm gang…

Read more →

Read the original article: Facebook Scam Ads Led to Phishing, Stealing Over 600,000 Passwords A large-scale ad scam targeting Facebook users from Egypt, the Philippines, Pakistan, and Nepal in an effort to steal their passwords has been discovered by researchers…

Read more →

Read the original article: New Magecart Attack Affects Multiple Ecommerce Sites According to Dutch security company Sansec, a new Magecart attack has been discovered targeting multiple e-commerce platforms with the same attack. Magecart, also known as e-skimming is usually done…

Read more →

Read the original article: Github-Hosted Malware Decodes Cobalt Strike Beacon From Imgur Picture A new sample associated with MuddyWater, an Advanced Persistent Threat (APT) group that has been known to target organizations in Middle Eastern countries, has been discovered utilizing…

Read more →

Read the original article: US CERT Warns of Another Solar Winds Vulnerability On Saturday, December 26th, the US Computer Emergency Readiness Team (CERT) issued an alert for companies that use Solar Winds Orion software to apply a patch or mitigation…

Read more →

Read the original article: Citrix ADC Servers Targeted in DDoS Attacks Citrix released a report on December 23rd that details Distributed Denial of Service (DDoS) attacks against Citrix Application Delivery Controller (ADC) servers, reported by several companies and described by…

Read more →

Read the original article: Active Chase Phishing Scam Disguised as Fraud Alerts Bleeping Computer reports that a large-scale phishing scam is underway with a J.P. Morgan Chase Fraud Alert lure. The lure frames the phish as an alert that tells…

Read more →

Read the original article: Emotet Updates Prompt New Detection Strategies for Defenders Recently, the prolific botnet Emotet has returned after a hiatus of several months.  Starting on Monday (Dec 21), Binary Defense observed Emotet spinning up massive spam campaigns using…

Read more →

Read the original article: Forward Air Trucking Victim of New Hades Ransomware Gang Forward Air, a leading trucking and air freight logistics company, has suffered a ransomware attack by a new gang that impacted the company’s business operations. It was…

Read more →

Read the original article: Joker’s Stash Carding Website Temporarily Disrupted Joker’s Stash, the notorious carding site that has been operating for years to sell stolen credit and debit cards, was taken offline according to researchers at Digital Shadows. The early…

Read more →

Read the original article: Roanoke College Forced to Delay Spring Semester After Cyber-Attack A cyber-attack at Roanoke College in in Salem, Virginia has caused the school to hold off on the start of their spring semester. Students were originally scheduled…

Read more →

Read the original article: NCSC Issues Cyber Security Guidance For Farmers Recently the NCSC issued their first-ever farmer-oriented guidance for cyber security after an increase in cyberattacks against farm businesses. The NCSC developed this guidance with the cooperation of the…

Read more →

Read the original article: Phishing Campaign Impersonates New York Department of Labor to Steal Private Information Threat actors have launched a new phishing campaign where they send fake emails that appear to come from New York’s Department of Labor. The…

Read more →

Read the original article: U.S. Seizes Domains Used for COVID-19 Vaccine Phishing Attacks On Friday, December 18th, the U.S. Department of Justice (DOJ) seized two domain names used for phishing sites with COVID-19 vaccine lures. In the release by the…

Read more →

Read the original article: Syrmise Flavor Developer Affected by Clop Ransomware Group The Clop ransomware group has taken responsibility for an attack on Syrmise that saw 500 GB of files and nearly 1,000 devices get encrypted. The attack forced Syrmise…

Read more →

Read the original article: Magecart Group Makes Mistake That Leaks Victims in RAT Code Dozens of online stores were hacked by a new Magecart group, and the list of victim websites was inadvertently leaked. The threat actors have access to…

Read more →

Read the original article: Cyberpunk 2077 Fake Android App Download Leads to Ransomware Cyberpunk 2077 is a highly anticipated game release that attackers are taking advantage of. A researcher from Kaspersky discovered a new malware sample that is masquerading as…

Read more →

Read the original article: WordPress Plugin Installed 5 Million Times Has Critical Upload Vulnerability Contact Form 7 is a WordPress plugin for managing multiple website contact forms. On December 16th, researchers at Astra Security discovered a critical vulnerability being tracked…

Read more →

Read the original article: Iranian Nation-state actors linked to Pay2Key Ransomware In the past two months, ClearSky and Profero have linked the operators behind the Pay2Key ransomware to an Iranian-backed group focused on data theft with a ransomware façade. ClearSky…

Read more →

Read the original article: NSA warns of Federated Login Abuse in Advisory Originally reported by ZDNet, the NSA has released a security advisory detailing to attack techniques used by the SolarWinds hackers to escalate access to cloud resources.  The techniques,…

Read more →

Read the original article: FBI says DoppelPaymer Ransomware Gang is Harassing Victims Who Refuse to Pay Ransomware gang Doppelpaymer has been using a new tactic in order to put pressure on victims. Beginning in February of 2020, the gang started…

Read more →

Read the original article: Malicious RubyGem Package Steals Cryptocurrency New malicious RubyGem packages have been discovered that are being used to steal cryptocurrency from unsuspecting users. RubyGems is a package manager for the Ruby programming language that allows developers to…

Read more →

Read the original article: Three Million People Installed 28 Different Malicious Web Extensions Over three million people have installed 28 different malicious web extensions between the Chrome and Edge browsers on their computers. The extensions can redirect users to ads,…

Read more →

Read the original article: IRS Impersonated In Yet Another Tax-Related Scam While tax season may have already occurred, researchers at Abnormal Security have discovered another scam that’s targeting Google G-Suite users and they believe it may have reached the inboxes…

Read more →

Read the original article: Microsoft to Block Infected SolarWinds Binaries Today Microsoft announced yesterday their intention to actively block and quarantine the binaries affected by the recent SolarWinds discovery. Detection was added to Microsoft’s Defender platform on December 13th which…

Read more →

Read the original article: New Android and IOS Spyware Targeting Asia-Residing Users Originally reported by ZDNet, security firm Lookout has discovered a new spyware strain called “Goontact”. This malware can steal victim data such as phone identifiers, SMS messages, photos,…

Read more →

Read the original article: New Windows Trojan Steals Browser Credentials and Outlook Files A report released by Palo Alto’s Unit 42 researchers outlines a new Trojan they have seen that has been targeting Microsoft Windows systems with data exfiltration techniques.…

Read more →

Read the original article: Twitter Fined by EU Data Protection Watchdog For GDPR Breach The European Union’s General Data Protection Regulation (GDPR) came into effect on May 25th, 2018 and is designed to protect user’s data and privacy. Recently Ireland’s…

Read more →

Read the original article: Office 365 Credentials Under Attack Researchers are warning of a coordinated attack that is targeting the Microsoft Office 365 login credentials of numerous enterprise organizations. The criminals behind the attack are leveraging hundreds of compromised, legitimate…

Read more →

Read the original article: Struggling Cruise Company Suffers Apparent Ransomware Attack After struggling with the Coronavirus pandemic, Norwegian cruise liner Hurtigruten has been attacked by what they believe to be ransomware. The attack was announced last night and has since…

Read more →

Read the original article: One Million US Dental Patients Impacted by Data Breach Dental Care Alliance (DCA), an American healthcare provider, has notified more than a million patients that their data may have been exposed by a recent cyber-attack. The…

Read more →

Read the original article: Facebook Security Links APT32 to a Cybersecurity Firm In a surprising report from Facebook’s security team, they revealed that they believe the identity of APT32, also known as OceanLotus, is the cybersecurity firm CyberOne Group. OceanLotus,…

Read more →

Read the original article: Ledger Cryptocurrency Wallet Phishing Scam Ledger is a hardware cryptocurrency wallet that allows users to store, manage, and sell cryptocurrency. The funds stored in these wallets are secured using a 24-word pass phrase and it also…

Read more →

Read the original article: njRAT Shifts to Pastebin as Command and Control Alternative Infrastructure As originally reported by ZDNet, Palo Alto Network’s Unit 42 has identified a new second-stage execution method used by njRAT. This method involves the use of…

Read more →

Read the original article: OpenSSL Releases Security Advisory for Denial-of-Service Vulnerability OpenSSL released a security advisory yesterday for CVE-2020-1971, a high severity vulnerability capable of crashing applications that use OpenSSL upon checking a maliciously crafted certificate. The issue lies within…

Read more →

Read the original article: Proof-of-Concept Exploit Code for Kerberos Bronze Bit Attack Published On December 8th, Jake Karnes of NetSPI published a new post-exploitation technique and exploit code that takes advantage of aspects of the Kerberos authentication protocol. The Bronze…

Read more →

Read the original article: Scammers Spoof Gift Card Balance Checking Page With the Christmas season upon us, cybercriminals are looking to make extra money by stealing gift card balances. A trick that they are using is to spoof legitimate gift…

Read more →