Tag: Threat Watch – Binary Defense

Read the original article: US Blames Iran for Spoofed Proud Boys Emails Threatening Democrat Voters Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray held a hasty press conference last night to discuss security concerns with the US…

Read more →

Read the original article: QNAP Warns of Zerologon Flaw in Network Attached Storage Devices Network-attached storage (NAS) device manufacturer QNAP is warning its customers that some NAS devices running vulnerable versions of the QTS operating system are exposed to attacks…

Read more →

Read the original article: Iran Linked Group Targets Organizations in the Middle East Seedworm, a highly active threat group that is linked to the Iranian government, has been targeting organizations in the Middle East. Many of the attacks linked to…

Read more →

Read the original article: Advertisement Scam Involving British Retailer Marks & Spencer A scam involving someone impersonating the CEO of the British retailer Marks & Spencer has been observed by security researchers recently. Advertisements have been posted online that show…

Read more →

Read the original article: Adobe Releases Out-of-Band Patch to fix Critical Bugs Across Creative Software Adobe has released another emergency out-of-band patch in order to fix critical bugs impacting the following products: Adobe Illustrator – Received fixes for 7 critical…

Read more →

Read the original article: Advanced Attackers Targeting Cisco Discovery Protocol Vulnerability An advisory published by the US National Security Agency (NSA) on October 20th warns that attackers continue to exploit many high-profile vulnerabilities, including the Pulse Secure VPN, Citrix ADC,…

Read more →

Read the original article: Recent Barnes & Noble Attack Was Likely Egregor New details have emerged about the cyberattack against Barnes & Noble since we last wrote about it on October 16th. After publishing their report last Wednesday, Bleepingcomputer was…

Read more →

Read the original article: FBI Issues Warning of Spoofed US Census Bureau Site The Federal Bureau of Investigation (FBI) has issued a flash alert to warn of potentially spoofed domains that attempt to mimic the domain name of the US…

Read more →

Read the original article: Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace The US government formally charged six Russian Intelligence officers for conducting multiple destructive malware attacks. All six…

Read more →

Read the original article: Florida Voter Data Found on Russian Hacking Forum Personal identity data claimed to be associated with nearly 15 million Florida voters has been found on a well-known Russian hacking site. As of December 2019, there were…

Read more →

Read the original article: Hackers Hijack Telegram Accounts by Stealing 2FA Codes Sent Through SMS Hackers who had access to the Signaling System 7 (SS7) have managed to target high-level employees within the crypto-currency industry. The hackers used SS7 to…

Read more →

Read the original article: Egregor Ransomware Claims Data Stolen from Crytek and Ubisoft Late last week, the data leak site for the Egregor ransomware published a small amount of stolen data that they claim to have taken from video game…

Read more →

Read the original article: Discord Patches Remote Code Execution Chain Vulnerability Recently, Discord has issued a patch for a critical issue in the desktop version of their messaging app. This critical issue left users exposed to remote code execution (RCE)…

Read more →

Read the original article: GravityRAT Returns, Targeting Android Devices Researchers at Kaspersky Labs published a technical report about Microsoft Windows malware known as GravityRAT that was previously seen in 2017 and 2018 targeting the Indian armed forces. The researchers believe…

Read more →

Read the original article: Dickey’s BBQ Pit Restaurant Chain Data Theft The largest barbecue restaurant chain, Dickey’s BBQ Pit, suffered a data breach that was discovered this week but appears to have been ongoing since July 2019. The attackers stole…

Read more →

Read the original article: QQAAZZ Group Charged With Laundering Money for Other Cybercrime Groups Indictments that have been unsealed showed that 20 members of the QQAAZZ money laundering group were arrested in Latvia, Bulgaria, the United Kingdom, Spain, and Italy.…

Read more →

Read the original article: Barnes & Noble Most Recent Victim of a Cyber Attack Book store giant Barnes & Noble has been notifying clients since October 12, 2020, about a cyber-attack. According to the store, on October 10, 2020, they…

Read more →

Read the original article: ‘Network Access’ Sold on Hacker Forums Estimated at $500,000 in September 2020 Cyber security firm KELA published a report stating it indexed 108 network access listings on popular hacking forums. The estimated total value of all…

Read more →

Read the original article: SonicWall VPN Vulnerability Could Lead To Remote Code Execution Researchers with Tripwire’s VERT have identified a buffer-overflow in SonicWall’s Network Security Appliance, allowing for persistent denial of service. This flaw can be triggered using a custom…

Read more →

Read the original article: New Financially Motivated Threat Actors Sharing TTPs In a recent report, FireEye’s Mandiant publicly announced the identification of a new financially motivated threat group dubbed FIN11. The most notable characteristic of FIN11 is its overlap with…

Read more →

Read the original article: ‘Network Access’ Sold on Hacker Forums Estimated at $500,00 in September 2020 Cyber security firm KELA published a report stating it indexed 108 network access listings on popular hacking forums. The estimated total value of all…

Read more →

Read the original article: Russian Actors Accused of Stealing Email from Parliament of Norway Norwegian officials have speculated that members of Parliament fell victim to a cyber-attack. They believe the attack was carried out by Russian state-sponsored threat actors. The…

Read more →

Read the original article: BleedingTooth Bluetooth Flaw Google has released details of a high-impact security flaw that affects the Bluetooth stack in the Linux kernel versions below 5.9 that support BlueZ. The flaw, tracked as CVE-2020-12351, is “Improper input validation…

Read more →

Read the original article: Microsoft October Patch Tuesday For this month’s Patch Tuesday, Microsoft took care of 87 vulnerabilities that varied in severity and the product they affected. Two of the more serious vulnerabilities are CVE-2020-16898 and CVE-2020-16947. The first…

Read more →

Read the original article: Emotet Botnet Takes a Brief Hiatus From Malware Spamming Recently, following the release of the public website “HaveIBeenEmotet.com” to allow companies to search for their domain name and find out if they’ve been targeted, Emotet has…

Read more →

Read the original article: Fitbit Vulnerable to Watch Face Spyware Immersive Labs director of cyber threat research Kevin Breen developed a proof-of-concept exploit for Fitbit devices after discovering malicious apps could be created using one of the Fitbit API’s. Creating…

Read more →

Read the original article: APT Using Two Vulnerabilities Together to Attack Government Networks According to a joint report from the FBI and CISA on October 9th, 2020 an Advanced Persistent Threat (APT) was observed using two separate vulnerabilities to make…

Read more →

Read the original article: Carnival Cruise Line Ransomware Attack Carnival Corporation, the world’s largest cruise line operator, has confirmed that they were the victim of a ransomware attack that involved the theft of personal information of customers, employees, and ship…

Read more →

Read the original article: Microsoft, FS-ISAC, ESET and Others Coordinate Takedown of Trickbot On Monday, October 12th, a coalition of companies and organizations cooperated to help over one million victims of the Trickbot malware through legal action and technical takedowns.…

Read more →

Read the original article: The Evolution of an Android Ransomware Family Microsoft has recently published a technical report covering the evolution of an Android-targeting ransomware family.  Android malware doesn’t typically encrypt files, but instead prevents access to the device using…

Read more →

Read the original article: US Seizes Iranian Government Domains Masked as Legitimate News Outlets US law enforcement, with the help of major technology corporations, seized nearly one hundred domains that were being used to spread propaganda by Iran’s Islamic Revolutionary…

Read more →

Read the original article: Springfield Public Schools Shuts Down After Ransomware Incident Springfield Public Schools is one of the largest school districts in Massachusetts. Within the district, there are more than 60 schools, over 25,000 students and 4,500 staff members.…

Read more →

Read the original article: Fraudulent Apps Can Make Huge Profit In a recent move by the Google Play Store, over 240 apps were removed that were infected with fraudulent advertising components. For months, the army of deceptive apps, which were…

Read more →

Read the original article: The Southeastern Pennsylvania Transportation Authority (SEPTA) Has Been Affected by Ransomware The Pennsylvania transportation company SEPTA disclosed a ransomware attack that has been affecting their systems since August. Due to the attack, services such as employee…

Read more →

Read the original article: Phishing Emails Using Trump COVID-19 Information Researchers at ProofPoint have identified a new phishing campaign that is using the positive COVID-19 test of the President of the United States as a lure in the email. The…

Read more →

Read the original article: Hackers Exploit Windows Error Reporting Service in New Fileless Attack A new fileless attack, named the “Kraken” attack, was detected by Malwarebytes security researchers on September 17th. The attack technique abuses the Microsoft Windows Error Reporting…

Read more →

Read the original article: HEH – A new IOT Botnet: Researchers at 360 Netlabs have identified a new P2P IOT botnet named “HEH”.  This botnet, which was written in GO and uses Telnet bruteforcing to spread consists of 3 key…

Read more →

Read the original article: Malware Campaigns Using Obscure Paste Service Research by Juniper Labs has uncovered several malware campaigns using a paste service called “Paste.nrecom.” Using a paste service such as Pastebin.com is nothing new for malware, though many tend…

Read more →

Read the original article: Ransomware Attacks on the Rise Malware researchers from Check Point and IBM X-Force Incident Response Teams have released data that details the rise of ransomware. The top ransomware families are Maze, Ryuk, and REvil (Sodinokibi) and…

Read more →

Read the original article: Magecart Attack Compromises Mobile Provider The Magecart group Fullz House has injected the website of a mobile service provider with a credit card stealer. Magecart is the umbrella term used for all cyber-related crime groups that…

Read more →

Read the original article: Two Flaws Affecting WordPress Plugin Post Grid Researchers have discovered that two new high severity vulnerabilities are affecting the WordPress plugin Post Grid which has over 60,000 installations. While both flaws are awaiting a CVE number,…

Read more →

Read the original article: University Hospital New Jersey Pays $670k Ransom After the operators behind the SunCrypt ransomware published nearly 50,000 files stolen from University Hospitals New Jersey (UHNJ), the hospital reached out to the group to negotiate a payment…

Read more →

Read the original article: Hacking Team Leaks Leads to UEFI Firmware Persistent Malware An older malware sample known as VectorEDK, which was publicly revealed five years ago as part of the Italian  “Hacking Team” leaks, has been repurposed and is…

Read more →

Read the original article: New Ransomware Vaccine Kills Programs That Wipe Windows Shadow Volumes Security researcher Florian Roth released a new anti-ransomware “vaccine” software called Raccine. Raccine terminates any processes that try to delete volume shadow copies using Microsoft’s vssadmin.exe…

Read more →

Read the original article: State-Sponsored Hacking Group Infiltrated Companies for Over a Year Researchers at Symantec have identified a new campaign from the group known as Palmerworm or BlackTech. The group has been around since 2013 but has never been…

Read more →

Read the original article: Arthur J. Gallagher Discloses Ransomware Attack The well-known US-based insurance firm Arthur J. Gallagher (AJG) disclosed a ransomware attack that occurred on September 26th, 2020. AJG did a fantastic job of responding to the attack as…

Read more →

Read the original article: Exorcist 2.0 Ransomware Update The cybercriminals behind the Exorcist 2.0 ransomware are now using malicious advertising redirects to trick victims into downloading their malware. According to security researcher Nao_Sec, PopCash malvertising is redirecting users from legitimate…

Read more →

Read the original article: CMA CGM Reportedly Infected by Ragnar Locker Yesterday, the French maritime transport and logistics company CMA CGM released a statement about an attack impacting its servers. “As soon as the security breach was detected, external access…

Read more →

Read the original article: FBI Warns of Disinformation Campaigns Falsely Claiming Hacked Voter Information The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint public service announcement yesterday about the threat of…

Read more →

Read the original article: After Failing to Extort Nevada School District, Criminals Leak Student Data After a failed attempt to extort a ransomware payout from Clark County School District in Nevada, cybercriminals have dumped student and employee personal information onto…

Read more →

Read the original article: REvil RaaS Means Business The REvil ransomware (Sodinokibi) operation has deposited 99 Bitcoins (approximately $1 million USD) on a Russian-speaking hacker forum to prove to its affiliates that they mean business. The ransomware group posted on…

Read more →

Read the original article: Hackers Scanning for Unpatched Domain Controllers Vulnerable to CVE-2020-1472 A security researcher at Microsoft witnessed hundreds of exploitation attempts against honeypot servers over the weekend that match the exploit chain for “ZeroLogon.” ZeroLogon is a known…

Read more →

Read the original article: UHS Hospitals Across the United States Reportedly Impacted by Ryuk Ransomware On Sunday night, September 27th, reports of a possible ransomware attack began to appear on Reddit from people who work for Universal Health Service (UHS),…

Read more →

Read the original article: Alien Malware Steals Credentials From More Than 220 Android Apps and Google Authenticator A new Android threat called Alien Malware or Alien RAT, which appears to have ties to the Cerberus banking malware, has been seen…

Read more →

Read the original article: Polish Police Shut Down Hacker Super-Group Involved in Bomb Threats, Ransomware and SIM-swapping Polish authorities shut down a prominent Polish hacking group and arrested four individuals with four more under investigation. The group has been under…

Read more →

Read the original article: Windows XP Source Code Leaked Online Recently, the Windows XP source code was leaked onto 4chan as a 42.9GB torrent file, as originally reported by ZDNet. The leak included the source code for Microsoft’s older OS,…

Read more →

Read the original article: New “Mount Locker” Ransomware Demanding Millions A relatively new ransomware called Mount Locker is joining several other ransomware families in stealing files before encryption and demanding ransom amounts in the millions. When encrypting files, Mount Locker…

Read more →

Read the original article: Operation SideCopy Recent findings from Quick Heal’s threat intelligence team revealed that the Indian defense forces have been dealing with an Advanced Persistent Threat (APT) in a long-term campaign that is being called Operation SideCopy. Common…

Read more →

Read the original article: QNAP NAS Needs Firmware Update The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cybersecurity Centre (NCSC) have issued an alert about the QSnatch malware that affects  QNAP NAS devices. A network-attached-storage (NAS)…

Read more →

Read the original article: CISA Warns of Uptick in LokiBot Stealer The United States Cybersecurity and Infrastructure Security Agency (CISA) released a warning that the LokiBot information-stealing trojan has seen a resurgence in activity starting in July 2020. LokiBot targets…

Read more →

Read the original article: Luxottica Hit by Ransomware The eyewear company Luxottica, which is parent company to brands including Ray-Ban and Oakley, has suffered a ransomware attack. On Friday, users on Reddit began reporting that sites for many Luxottica-owned brands…

Read more →

Read the original article: A New Hacking Group Hit Russian Companies with Ransomware A new ransomware threat actor has emerged using the code name “OldGremlin.”  The group is responsible for at least nine ransomware attacks since March of this year.…

Read more →

Read the original article: APT 28 Targeting NATO Members with NATO-Themed Lure Originally identified by QuoIntelligence, APT 28 has been distributing Zebrocy malware to NATO members using NATO course themed lures. This campaign ran on August 5th, and arrived on…

Read more →

Read the original article: Loxottica Hit by Ransomware The eyewear company Luxottica, which is parent company to brands including Ray-Ban and Oakley, has suffered a ransomware attack. On Friday, users on Reddit began reporting that sites for many Luxottica-owned brands…

Read more →

Read the original article: The Dark Overlord Threat Group Member Pleads Guilty Nathan Wyatt, a member of the threat group known as The Dark Overlord (TDO) was extradited to the United States from the UK in December 2019. Wyatt received…

Read more →

Read the original article: Phishing Isn’t Just for Money Scammers have tried to rip off computer equipment suppliers with targeted phishing emails that impersonate the Texas Department of State Health Services (DSHS) commissioner. The scammers did their homework and crafted…

Read more →

Read the original article: IP Photonics Hit with Ransomware IP Photonics Corp. was hit recently with a ransomware attack that shut down their IT systems worldwide as first reported by Bleeping Computer on Friday. The ransomware used in this attack…

Read more →

Read the original article: Homicide Case Opened After Ransomware on Dusseldorf Hospital Originally reported by The Guardian, German prosecutors have opened an investigation into the ransomware attack which resulted in a death, with the anticipated charge of “negligent homicide.” The…

Read more →

Read the original article: Recent Study Shows Phishing Awareness Training Ineffective After Six Months A recent study presented at the USENIX SOUPS security conference has confirmed what many security experts have suspected for years: phishing awareness training wears off quickly.…

Read more →

Read the original article: Windows Defender Removes Controversial Download Option Earlier this month, Microsoft met backlash for adding a new “-DownloadFile” command line option to Windows Defender, enabling anyone with some level of access to the system to download files…

Read more →

Read the original article: Maze Ransomware’s New Trick – Hiding in a Virtual Machine Maze ransomware is one of the most dangerous cyber-criminal groups around today with ransom demands over six figures and if the victim does not pay, they…

Read more →

Read the original article: Apple Safari RCE Vulnerability The Safari browser from Apple contains a Remote Code Execution (RCE) vulnerability in its Webkit Feature. An attacker could use this vulnerability to trigger a use-after-free condition in the WebCore, the DOM-rendering…

Read more →

Read the original article: Iranian Threat Actor using Android Malware to Steal 2FA Codes Rampant Kitten: The Iranian threat actor Rampant Kitten has developed Android malware that is designed to steal 2-factor Authentication (2FA) codes from text messages. Research from…

Read more →

Read the original article: Threat Actors Send Fake Phishing Training A new phishing campaign has been spotted by email security company KnowBe4 that is trying to lure victims in with a warning to complete their security awareness training within 24…

Read more →

Read the original article: Ransomware Attack on German Hospital Leads to Fatality An attack on the Duesseldorf University Clinic’s systems has led to what might be the first fatality indirectly resulting from a ransomware attack. Last Thursday, an unidentified hacker…

Read more →

Read the original article: NCSC Warns of Spike in Hackers Targeting Universities With Ransomware Originally reported by ZDNet, the UK’s National Cyber Security Centre (NCSC) has issued a warning about an increase in hackers targeting universities with ransomware attacks. In…

Read more →

Read the original article: U.S. Charged Two Hackers in Website Defacements After Soleimani Killing Following the killing of the Iranian military general Qasem Soleimani by United States forces earlier this year, at least 51 websites were defaced after being compromised.…

Read more →

Read the original article: Veteran Affairs Data Breach The U.S. Department of Veteran Affairs (VA) has suffered a data breach that exposed the personal information of over 46,000 veterans. In the data breach notification, the VA states that the attackers…

Read more →

Read the original article: Staples Security Incident The retail office supply chain Staples recently notified its customers that their personal information was exposed through the Staples website. Some are speculating that this is a hacker incident and there is good…

Read more →

Read the original article: FBI Releases Technical Indicators and True Names of APT 41 Threat Actors On September 16th, the FBI publicly released information regarding an indictment of five threat actors based in the People’s Republic of China (PRC) for…

Read more →

Read the original article: ZeroLogin Active Directory Exploit Allows for Complete Domain Takeover The information security firm Secura recently released a writeup of a very serious flaw in Windows Server and Active Directory which allows attackers to completely take over…

Read more →

Read the original article: SunCrypt Ransomware Hits New Jersey Hospital University Hospital New Jersey (UHNJ) is apparently the most recent victim of the SunCrypt ransomware. The operators behind SunCrypt claim to have obtained 240GB of data, 1.79GB of which have…

Read more →

Read the original article: Known Vulnerabilities Being Used Against Government, Private Companies Yesterday, US-CERT released an advisory on hackers affiliated with China’s Ministry of State Security (MSS) targeting government agencies and private companies through recent high-profile vulnerabilities with readily available…

Read more →

Read the original article: Razer Data Leak Razer, the gaming hardware manufacturer known for laptops, keyboards, and other high-end gaming devices has suffered a data leak after an exposed database from their online store was discovered. Around August 19th, security…

Read more →

Read the original article: Maze Ransomware Strikes Fairfax County Public Schools With more than 188,000 students and 25,000 employees, Fairfax County Public Schools in Virginia is one of the largest school districts in the US. A statement from Fairfax County…

Read more →

Read the original article: APT28 Targets Office 365 Logins With Password Spraying APT28 (Russia): The Russian-linked APT28 threat group, also known as Fancy Bear, was seen carrying out a large-scale attack against Office 365 users according to researchers at Microsoft.…

Read more →

Read the original article: “Malsmoke” Threat Actor Group Targets Porn Sites with Malicious Ads Originally reported by ZDnet, Malwarebytes has released a new report detailing a recently discovered threat actor group, nicknamed “Malsmoke.”  Malsmoke has been systematically attacking “practically all…

Read more →

Read the original article: Microsoft Report Discloses Russian, Chinese, and Iranian Hacks Targeting U.S. Elections Russia/China/Iran: A report released by Microsoft on Thursday confirmed what many have suspected since the 2016 presidential election: hackers haven’t stopped trying to hack U.S.…

Read more →

Read the original article: Attackers Actively Abusing WP File Manager Plugin Last week, a flaw in the WP File Manager plugin for WordPress was discovered being abused in the wild. It was quickly reported and subsequently patched by the developers…

Read more →

Read the original article: CDRTheif Malware Steals Linux Softswitches VoIP Metadata Researches at ESET analyzed new malware named CDRTheif. The malware targets a specific Voice over IP (VoIP) system to steal Call Data Records (CDR) from telephone equipment. The malware…

Read more →

Read the original article: ProLock Ransomware Using well-known, typical intrusion tactics, the operators of ProLock ransomware have been able to deploy a large number of attacks at an average rate of nearly one attack per day. Initially, ProLock was named…

Read more →

Read the original article: Zeppelin Ransomware After not being seen for a while, Zeppelin ransomware is now back and was seen in August by researchers from Juniper Threatlab. Just like previous campaigns, this one starts with an email that includes…

Read more →

Read the original article: Pakistan’s Largest Private Power Company Hit With Netwalker Ransomware Netwalker: Karachi, Pakistan’s sole electric power provider, K-Electric, suffered a ransomware attack from the Netwalker threat group. Currently, the only systems being impacted by the outage are…

Read more →

Read the original article: TeamTNT Leverages Weave Scope in New Attacks Targeting Cloud Environments Originally reported by ZDNet, TeamTNT is a hacking crew most recently attributed to a cryptocurrency mining botnet able to steal Amazon Web Services (AWS) credentials from…

Read more →

Read the original article: Critical Intel AMT Flaw Patched Intel has released their September 2020 platform update addressing nine security vulnerabilities detailed over five security advisories. One of the flaws addressed is within Intel’s Active Management Technology (AMT) platform. AMT…

Read more →

Read the original article: Argentinian Government Immigration Agency Hit With Netwalker Ransomware On August 27th, Unidad Fiscal Especializada en Ciberdelincuencia, the cybercrime agency in Argentina, was alerted to a security incident after multiple border checkpoints called in and needed support.…

Read more →

Read the original article: Visa Warns of New Baka E-Skimmer Researchers have found a new e-commerce skimmer designed to steal payment card details that also has the interesting ability to remove itself after exfiltrating stolen data. Named Baka, this malware…

Read more →

Read the original article: DoppelPaymer Claims That They Are Behind Attack on Newcastle University The UK research university Newcastle has been attacked with ransomware. The university stated that it will take them several weeks to get their systems back online…

Read more →

Read the original article: Miami High School Student Attacks School Network An unnamed 16-year-old student at the South Miami Senior High School has been attacking the school’s online learning platform. Since the launch of the school year on Monday, the…

Read more →

Read the original article: Warner Music Group Struck With Months-Long Magecart Style Attack Multiple e-commerce sites belonging to Warner Music Group have suffered Magecart style attacks according to a breach notification letter that was filed yesterday with the California Attorney…

Read more →