Tag: Threat Watch – Binary Defense

Read the original article: Around 100 GE Healthcare Machines Vulnerable to Two Critical-Severity Bugs Two critical vulnerabilities found affecting GE medical products could allow for personal healthcare information to be stolen and could potentially allow for the affected medical devices…

Read more →

Read the original article: Netgain Hosting Provider Forced to Take Down Data Centers After Ransomware Netgain, a cloud hosting and IT service provider, was forced to take their data centers offline after they suffered a ransomware attack in November. Netgain…

Read more →

Read the original article: Norway Says Russian Hacking Group APT28 is Behind August 2020 Parliament Hack Norway’s cyber security agency issued a report detailing a cyber-attack on the Norwegian parliament (Stortinget), attributing the attack to Russian hacking group APT28. APT…

Read more →

Read the original article: Recent VMware Vulnerability Being Exploited in the Wild After VMware released security updates for CVE-2020-4006 last week, the National Security Agency (NSA) is now warning that Russian state-sponsored actors are exploiting unpatched systems to deploy web…

Read more →

Read the original article: Electronic Manufacturer Foxconn Suffers Ransomware Attack by DopplePaymer The actors behind the DopplePaymer ransomware recently released internal files that they claim to have stolen from Foxconn North America. Since Thanksgiving weekend, Bleeping Computer has been following…

Read more →

Read the original article: Microsoft Teams Zero-Click Remote Code Execution Vulnerability A Remote Code Execution (RCE) bug has been found in Microsoft Teams that can compromise a computer with no user interaction required. The vulnerability was discovered and submitted to…

Read more →

Read the original article: MetaMask Cryptocurrency Wallets Phished with Google Ads Over the last week, Users of the MetaMask cryptocurrency wallet service have been losing funds through a malicious Google ad campaign. MetaMask has over one million users and an…

Read more →

Read the original article: Egregor Strikes Randstand Randstand, the world’s largest staffing agency, recently fell victim to Egregor Ransomware after their network was accessed and unencrypted files were stolen. Last week a portion of the data that the threat actors…

Read more →

Read the original article: Payment Card Skimmer Group Using Raccoon Info Stealer to Siphon Off Stolen Data A criminal group launched a multi-stage campaign earlier this year targeting e-commerce sites. The attack stole payment and user data using password-stealing malware.…

Read more →

Read the original article: New Magecart Script Found in Social Media Share Buttons A new Magecart style attack has been identified by researchers at the Dutch security firm Sanguine Security (SangSec). Magecart is an umbrella term used to describe various…

Read more →

Read the original article: Egregor Really Wants You to See Its Ransom Demands On December 1st, transportation agency TransLink announced that they were having issues with systems that affected phones, online services and payment processing. The transit services themselves were…

Read more →

Read the original article: Online Education Company K12 Affected by Ransomware On November 30th, the online education platform K12 announced that it had been hit by ransomware in mid-November. Sources tell BleepingComputer that Ryuk ransomware was behind the attack and…

Read more →

Read the original article: Trickbot Added New Feature to Infect UEFI/BIOS and Survive OS Reinstall Researchers from Advanced Intelligence and Eclypsium recently reported a dangerous new feature of Trickbot, the prolific malware threat that is spread through malicious spam campaigns…

Read more →

Read the original article: Some Android Apps Still Vulnerable After Patch Released There are still some Android Apps that total over 250 million downloads that are vulnerable to a flaw that was patched in August of this year. In August,…

Read more →

Read the original article: Phishing Campaigns Target Multiple Organizations in COVID-19 Cold Chain The COVID-19 vaccine cold chain, which is the supply chain for cold storage and movement of vaccines, has been recently targeted by threat actors. According to IBM’s…

Read more →

Read the original article: Security Failure Exposes Health Records and Lab Results NTreatment, a health technology company that offers a cloud service for doctors to manage electronic medical records, accidently leaked thousands of patient records. The company stored 109,000 files…

Read more →

Read the original article: OGusers Hacked For a Third Time OGusers, the forum known as a destination where its members buy, sell, and trade access to compromised social media accounts, was recently hacked for the third time. Users who visited…

Read more →

Read the original article: Wormable, Wireless iOS Exploit Granting Full iPhone, iPad Device Takeover Released Recently, researchers from Google’s Project Zero team have released a detailed explanation for a wormable iOS exploit that leverages the Apple Wireless Direct Link (AWDL)…

Read more →

Read the original article: Huntsville City Schools Shut Down Due to Ransomware Attack Huntsville City School District in Alabama has been forced to shut down for at least the remainder of the week due to a ransomware attack. The attack…

Read more →

Read the original article: Newly Discovered Cryptomining Malware Targets Exposed Docker Containers On December 1st, Cisco Talos announced a newly discovered XMR miner botnet they have called “Xanthe.” Xanthe’s actors are looking for misconfigured Docker containers with the Docker API…

Read more →

Read the original article: AspenPointe Data Breach U.S. healthcare provider AspenPointe has notified patients of a data breach that happened in September of this year. The attack enabled the thieves to steal protected health information (PHI) and personally identifiable information…

Read more →

Read the original article: Vietnamese Threat Actor APT32 Linked to Crypto-mining Operation Active since 2012, APT32 or OceanLotus has been known for complex hacking operations that had the main purpose of intelligence gathering both inside Vietnam and against other countries.…

Read more →

Read the original article: Unsecure ElasticSearch Database Leaks 1.7TB of Data Belonging to Apodis Pharma French healthcare software company Apodis Pharma was notified that their private data was publicly accessible on an unsecured ElasticSearch database which was discovered by the…

Read more →

Read the original article: Following DynDNS attacks, DNS Dependencies Have Only Gone Up Four years ago, there was a Distributed Denial of Service (DDoS) attack on DynDNS, a DNS service provider for many major websites. Since then, researchers have produced…

Read more →

Read the original article: DoppelPaymer Claims Attack on Banijay SAS-owned Endemol Shine Group Paris-based Banijay SAS is a French multinational entertainment production and distribution group with over 120 audiovisual production companies in 22 countries. It is responsible for many popular…

Read more →

Read the original article: Pennsylvania County Pays $500K Ransom to DoppelPaymer Ransomware. On Monday, November 23rd, Delaware County in Pennsylvania announced that it had suffered a data breach affecting multiple government networks, but not affecting emergency services or the board…

Read more →

Read the original article: Rand McNally Suffers Cyberattack American technology and mapping company Rand McNally was struck with a cyberattack, announced via their Facebook page Tuesday morning. Investigations ensued shortly after the announcement and the company affirmed that no customer…

Read more →

Read the original article: 16 Million Brazilian COVID-19 Patients Data Exposed Millions of Brazilian citizens including the President, ministers, and Provincial Governors have had their health details leaked. The leak originated after an employee at a hospital uploaded a spreadsheet…

Read more →

Read the original article: Ransomware Hits Largest U.S. Fertility Clinic US Fertility (USF), America’s largest fertility center, states that they suffered a ransomware attack in September of this year. USF is composed of 55 locations across 10 states and employs…

Read more →

Read the original article: Belden Suffers Breach On Tuesday, the leader in single transmission solutions, Belden, suffered a breach that affected some servers within the company. Employees of Belden along with the help of third-party forensics experts discovered the suspicious…

Read more →

Read the original article: Fake ‘Minecraft Mods’ Attack More Than One Million Android Devices Since July, researchers have discovered more than 20 Google Play Minecraft apps disguised as “modpacks” for the Android version of Minecraft that actually deliver abusive ads…

Read more →

Read the original article: MobileIron Remote Code Execution Vulnerability Discovered and responsibly disclosed in March, researcher Orange Tsai found a Remote Code Execution (RCE) vulnerability in the MobileIron Mobile Device management (MDM) systems. MDM systems allow administrators to remotely control…

Read more →

Read the original article: Phishing Email Campaign Impersonates Government Pandemic Relief Agencies A newly found phishing email campaign is impersonating U.S. government agencies that offer federal assistance for COVID-19 financial relief. The primary purpose of these new attacks is to…

Read more →

Read the original article: Trickbot Update Moves Off Disk, Becomes Harder to Detect In its 100th update, the Trickbot authors attempt to position their loader to evade detection by neveronly briefly to touching the disk. In a summary byIn his…

Read more →

Read the original article: South Korean Conglomerate E-Land Infected by Undisclosed Ransomware South Korean conglomerate E-Land has been infected by a ransomware attack over the weekend causing several retail stores to shut down. Chang-Hyun Seok, CEO of E-Land Retail, confirmed…

Read more →

Read the original article: Update to Crippling Cyberattack on Brazilian Courts In an update originally reported by ZDNet, the Brazilian Superior Electoral Court (STJ) has managed to resume operations after a cyberattack took down their systems for more than two…

Read more →

Read the original article: “Vote Joe’ Website Defaced by Turkish Hackers A website set up by the Joe Biden Campaign has been targeted and defaced by a Turkish hacker. The hackers, which claimed the breach and defacement of the website,…

Read more →

Read the original article: Common Malware Families That Lead to Ransomware A list of the most common (and therefore most dangerous) families of malware that lead to ransomware has been released by ZDNet. In this list are some of the…

Read more →

Read the original article: Critical Vulnerabilities in VMWare ESXi, Workstation and Fusion Patched VMWare issued security patches to close critical vulnerabilities in its hypervisor software including ESXi, Workstation and Fusion. The vulnerabilities, CVE-2020-4004 and CVE-2020-4005, could allow an attacker who…

Read more →

Read the original article: Mount Locker Ransomware is Now Targeting TurboTax Returns The Mount Locker gang is taking an unusual approach to extort affected victims as the year comes to a close and tax season approaches. While the gang is…

Read more →

Read the original article: REvil Ransomware Hits Managed[.]com On Monday morning of this week, Managed[.]com announced that they had suffered an issue that affected the availability of their services and that they are investigating the issue. It was first reported…

Read more →

Read the original article: Liquid Crypto-Exchange Accessed by Unauthorized Party Officials at the crypto-currency exchange Liquid released a blog stating they were a victim of a cyber-attack. The company stated that on Friday, November 13th, 2020 a hacker managed to…

Read more →

Read the original article: New Strain of Skimming Malware Attacking E-Commerce Sites A new strain of e-skimming malware has been identified by researchers at RiskIQ recently. The malware is similar to Grelos which is commonly associated with Magecart. This time,…

Read more →

Read the original article: Americold Hit With Cyber Attack Americold, the nation’s leading cold storage facility has stated that they were the victim of a cyber-attack that caused a precautionary shutdown of several systems. Phone, email, and inventory maintenance have…

Read more →

Read the original article: Sucuri Name Being Used by E-Skimmer to Avoid Detection Cybersecurity company Sucuri recently revealed that they discovered an e-skimmer taking advantage of their name in order to go unnoticed. The attackers inject the base64-encoded JavaScript skimmer…

Read more →

Read the original article: New Zoom Feature Can Alert Room Owners of Possible “Zoombombing” Disruptions As the COVID-19 pandemic became more prevalent businesses were forced to find a way to operate with their workforce at home, making Zoom an essential…

Read more →

Read the original article: Exposed Database Reveals Compromised Facebook Accounts Researchers from vpnMentor have found an open Elasticsearch database that appears to be owned by cybercriminals which contains over 100,000 Facebook users’ login credentials. It appears that fraudsters were using…

Read more →

Read the original article: Cencosud Infected by Egregor Ransomware Chilean retail giant Cencosud is currently dealing with an Egregor ransomware infection affecting multiple stores. Affected stores remained open, though some services were impacted due to the incident. One store in…

Read more →

Read the original article: Citrix Releases Patches for Critical RCE Vulnerabilities in SD-WAN Center Recently, Citrix has issued a patch for three critical vulnerabilities in its SD-WAN Center software that allow for unauthenticated Remote Code Execution (RCE) with root privileges.…

Read more →

Read the original article: Lazarus Supply‑Chain Attack in South Korea This morning, ESET published their research into a unique watering hole attack that takes advantage of a Korean based security product used widely by the South Korean government and Internet…

Read more →

Read the original article: Texas Drivers Impacted by Breach of Vertafore Insurance software company Vertafore was hit with a data breach back in March that exposed information for over 27 million Texas drivers. Three files were uploaded to an external…

Read more →

Read the original article: DarkSide Ransomware Group Makes New Storage System DarkSide Ransomware operators have posted on a Russian speaking forum that they will be creating a distributed storage system in Iran to store victim data for up to six…

Read more →

Read the original article: North Face Suffers Credential Stuffing Attack Outdoor retail manufacturer The North Face has forced a password reset for an undisclosed number of customers after they suffered a successful credential stuffing attack that took place on October…

Read more →

Read the original article: Attackers Target Gaming as the Latest ‘Always On’ Industry Impacted by Ransomware Game developers Ubisoft and Crytek were victims of ransomware attacks carried out by the Egregor ransomware gang in October. Files from Crytek’s game development…

Read more →

Read the original article: ModPipe Backdoor Targets Oracle Point of Sale System Researchers at ESET have discovered a new Point of Sale (POS)malware they are calling ModPipe. ModPipe targets Oracle’s MICROS RES 3700 POS System which is in use by…

Read more →

Read the original article: Comodo Releases Open Source EDR Solution Comodo, a well known cybersecurity firm, has released its Open Source endpoint detection and response solution, named OpenEDR.  In a statement by Comodo’s chief Revenue Officer at Comodo, the company…

Read more →

Read the original article: Decompiled Source Code of Cobalt Strike Released on GitHub On November 11, 2020, a user named FreakBoy allegedly released the source code to Cobalt Strike 4.0. Cobalt Strike is a known closed-source and legitimate post-exploitation toolkit…

Read more →

Read the original article: Critical Vulnerabilities in Microsoft Software Fixed in November 2020 Patch Tuesday Microsoft’s November 2020 Patch Tuesday saw 112 total fixes released for vulnerable Microsoft products. Out of the 112 patches released yesterday, 17 were listed as…

Read more →

Read the original article: Ghimob – New Infostealer in the Cyber Arena Guildma, a threat actor associated with the Tetrade malware family, has created a new banking Trojan called Ghimob, which targets Android smartphones by tricking users into installing an…

Read more →

Read the original article: Scammers Impersonating IRS to Steal Money Up to 70,000 email inboxes of users from Microsoft Office 365 have been targeted with scam email’s impersonating the IRS according to researchers at Abnormal Security. The scammers are using…

Read more →

Read the original article: Ransomware Group Used Facebook Ads to Pressure Victim Modern ransomware was first introduced in 2012 and has been constantly evolving over the years to increase damage to victims and force payment to the criminals. The new…

Read more →

Read the original article: Ultimate Member WordPress Plugin Vulnerable to Privilege Escalation Ultimate Member is a free WordPress plugin for managing user registration and profiles with features to help create an online community. On October 23rd, the Threat Intelligence team…

Read more →

Read the original article: Malicious Npm Package Stealing Discord Credentials and Browser Data ZDNet reported that researchers at Sonatype discovered a malicious JavaScript library recently published on the node package manager (npmjs.com) website that steals sensitive files and credentials from…

Read more →

Read the original article: Google Adds Tab-Nabbing Protection to Next Chrome Release In an update scheduled to go live with Chrome 88 in January 2021, Google has included tab hijacking protection in their browser. This protects against instances where links…

Read more →

Read the original article: Luxottica Data Breach Luxottica, the world’s largest eyewear company, has disclosed a data breach that exposed the personal and protected information of patients of LensCrafters, Target Optical, EyeMed, and other eye care practices. Luxottica has released…

Read more →

Read the original article: SMS Text Message Phishing Campaign Targeting UK Residents A new SMS phishing (sometimes called “smishing”) campaign has been targeting UK residents. The HM Revenue and Customs (HMRC) tax rebate scams have been tricking many people into…

Read more →

Read the original article: Compal, the Second-Largest Laptop Manufacturer in the World, Hit by Cyber Attack Compal, a Taiwanese laptop manufacturer that produces laptops for companies including Apple, Acer, Dell, and Toshiba, fell victim to a ransomware attack over the…

Read more →

Read the original article: X-Cart Infected with Ransomware X-Cart, known for its e-commerce software, was struck with ransomware at the end of October. The attackers were able to access X-Cart’s store hosting systems which caused some stores to completely go…

Read more →

Read the original article: Operation North Star Hacking Group’s Tactics Identified As reported by ZDNet, researchers with McAfee have released further analyses of a campaign dubbed “Operation North Star” that detail the tools used by this hacking group.  While the…

Read more →

Read the original article: RansomExx Infects Brazil’s Superior Court of Justice Brazil’s Superior Court of Justice has announced an attack against the Superior Court of Justice’s (STJ) network Tuesday that is currently affecting some court services. Brazilian journalist Mateus Nunes…

Read more →

Read the original article: Oracle WebLogic Bug Exploited to Drop Cobalt Strike Following the recent release of proof-of-concept code to exploit CVE-2020-14882, several opportunistic threat actors are attempting to use the exploit to gain a foothold on vulnerable Oracle WebLogic…

Read more →

Read the original article: Video Game Designer Capcom Hit with Cyber Attack Capcom, known for its design of popular video games announced that it suffered a possible ransomware attack on November 2nd. The attack caused disruptions to some of the…

Read more →

Read the original article: VoIP Systems Being Exploited by Threat Actors The post VoIP Systems Being Exploited by Threat Actors appeared first on Binary Defense.   Become a supporter of IT Security News and help us remove the ads. Read…

Read more →

Read the original article: Russian Authorities Make Rare Arrest of Malware Author Russia has a history of turning a blind eye to cybercrime operations that attack organizations outside of Russia. They often ignore or dismiss indictments by US authorities so…

Read more →

Read the original article: REvil Ransomware Gang Acquires KPOT Stealer After being announced by researcher Pancak3 and reported by ZDNet, it is now public that the REvil ransomware gang has purchased the source code to the KPOT stealer at the…

Read more →

Read the original article: New RegretLocker Ransomware Mounts and Encrypts Virtual Drives A new ransomware called RegretLocker was discovered in October. Rather than Tor payment sites, the ransom note left by the attackers instructs victims to send an email. The…

Read more →

Read the original article: Rise in Emotet Could Lead to More Ransomware According to malware researchers at HP-Bromium in an October 2020 Threat Insights Report, The number of Emotet detections increased 1200% from July to September. Emotet is distributed through…

Read more →

Read the original article: Malicious Package Removed From npm Website Sonatype, known for its monitoring of public packet repositories, discovered a malicious JavaScript library on Friday that was originally published on npm’s website on the same day. The package was…

Read more →

Read the original article: Windows Zero-Day Exploited in the Wild for Sandbox Escape Details about a Windows driver bug have been released by the Google Project Zero team before any patch for the bug has been made available by Microsoft.…

Read more →

Read the original article: SEC Chair Says Cybersecurity Threats to Corporate America are Present Now ‘More Than Ever’ The Securities and Exchange Commission Chairman (SEC) Jay Clayton is warning corporate America that the threat of cyber-attacks is real, and it…

Read more →

Read the original article: UHS Hospitals Mostly Recovered After Ransom Attack Just over a month after suffering a ransomware attack, Universal Health Services (UHS) has managed to restore most of its affected systems. The attack took place on September 27th…

Read more →

Read the original article: Marriot Fined 18.4 Million GBP Following Four Year Long Compromise Originally reported by ZDNet, the popular hotel chain Marriott has been hit with a £18.4 million GBP fine from the UK’s Information Commissioner’s Office (ICO) following…

Read more →

Read the original article: University Email Accounts Used for Phishing In a recent finding from researchers at Inky, compromised popular university email accounts are being used to perform phishing attacks. The email accounts used in the phishing attacks are speculated…

Read more →

Read the original article: Hall County in Georgia Stolen Data Leaked by Doppelpaymer Hall County in Georgia became the victim of a cyber-attack on October 7th that affected their networks and phone systems. County representatives initially stated that they believed…

Read more →

Read the original article: Cyberattack Targets Networks of Vermont, New York Hospitals A recent cyberattack impacted the networks of seven hospitals in New York and Vermont. The attack was made public a day after the FBI and the Department of…

Read more →

Read the original article: Iranian group Phosphorus Targeting High Profile Conferences, Warns Microsoft Originally reported by Zdnet, Microsoft’s Threat Intelligence Information Center has released a warning detailing an ongoing credential harvesting attack against more than 100 high profile individuals attending…

Read more →

Read the original article: Sky Lakes Medical Center Responding to Ransomware Incident Sky Lakes Medical Center, a hospital in Oregon, made an announcement via Facebook Tuesday that it was the victim of a ransomware attack. Although the incident may have…

Read more →

Read the original article: FBI Announces Joint Statement Concerning Imminent Threat Against the Healthcare Industry In a joint statement, the FBI and CISA are warning the healthcare industry that threat actors utilizing Ryuk Ransomware are actively targeting hospitals and healthcare…

Read more →

Read the original article: New York County Affected by Cyber-Attack Chenango County in south-central New York state recently suffered a cyber-attack that affected some of the county’s computer systems. It is believed that more than 200 computers were compromised with…

Read more →

Read the original article: TrickBot Linux Variants Active in the wild Despite Recent Takedown TrickBot is a traditionally Windows based crimeware botnet that has been utilized by threat actors since 2016. It performs a wide range of malicious activities on…

Read more →

Read the original article: Steelcase Furniture Ransomware Attack Steelcase furniture is the largest office furniture manufacturer with approximately 13,000 employees and $3.7 billion in sales annually. In a release by Steelcase, the company stated that on October 22nd they detected…

Read more →

Read the original article: Hacker Steals $24 Million worth of Cryptocurrency from “Harvest Finance” Service Originally reported by ZDNet, a hacker has stolen $13 million worth of USD Coin and $11 million worth of Tether in a single transaction from…

Read more →

Read the original article: KashmirBlack Botnet Attacking Outdated Content Management Systems Researchers from Imperva released a report about the KashmirBlack botnet, which has grown significantly over the last six months and is now capable of attacking thousands of websites per…

Read more →

Read the original article: Hundreds of Patient Records Leaked in Vastaamo Breach Last Wednesday, Finnish Psychotherapy Center Vastaamo announced an incident in which a threat actor demanded an extortion payment in return for a promise not to publish a stolen…

Read more →

Read the original article: US Treasury Department Sanctions Russian Government Research Institution Connected to the Triton Malware Last Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated, pursuant to Section 224 of the Countering America’s Adversaries…

Read more →

Read the original article: Six Malicious Flash Installer Apps Discovered and Fixed by Apple Recent reports have revealed that Apple has fixed six malicious apps that have been passed off as Adobe Flash Installers. Surprisingly, the apps made it through…

Read more →

Read the original article: Emotet Malware Uses Fake Microsoft Word Update Message Emotet is malware that typically spreads through email messages containing Word documents with malicious macros. Some of the email lures are actual messages with a reply chain history…

Read more →

Read the original article: Angry Mayor Decries Cyber Attack as “Morally Repugnant” Following Service Disruption ZDnet reported that after a recent cyber attack that has left the city of Hackney in London without access to many key services, the mayor…

Read more →

Read the original article: Attackers Abuse Facebook Links, Bit.ly, and Cross Site Scripting for Scams Researchers at Malwarebytes Labs reported that threat actors have recently been detected using links from Facebook to entice individuals to click through to a series…

Read more →

Read the original article: Georgia County Affected by Ransomware Attack A ransomware attack against Hall County in Georgia was publicly disclosed on October 7th, affecting “critical systems,” including the phone and email services. A voter signature database and precinct map…

Read more →