A Deep Dive into the Emotet Malware
Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA
In the second part of our Strange Bits series we are taking a closer look at Sodinokibi spam e-mails, CinaRAT and a malware that tries to imitate G DATA. Sodinokibi ransomware was known so far for being installed via an Oracle WebLogic exploit (see Talos’ article). A new campaign uses spam emails with an attached MS Office Word document to download Sodinokibi to the target system. JamesWT found the first sample, Sculabs another one. The email pretends to be a warning letter from the fee collection center of the public-law broadcasting institutions in the Federal Republic of Germany and demands a 213.50 EUR payment.
CIA sextortion an old scam with a new twist
What would you think if you received an e-mail with "Central Intelligence Agency Case #45361978" in the subject line? Would you decide that someone, somewhere had seriously screwed up and accidentally sent you a top-secret file? Or that you're being recruited for the secret services (well, you never know)? Alas, in either case you would almost certainly be mistaken: the e-mails in question are just another extortion trick.
New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide
Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed to escalate gradually by adding every newly cracked system to its network, forcing them to find further available RDP servers and then brute-force them.
SandboxEscaper Debuts ByeBear Windows Patch Bypass
Guerrilla developer SandboxEscaper has disclosed a second bypass exploit for a patch that fixes a Windows local privilege-escalation (LPE) flaw, again without notifying Microsoft. The exploit, dubbed ByeBear, enables attackers to get past the patch to attack a permissions-overwrite, privilege-escalation flaw (CVE-2019-0841), which exists because the Windows AppX Deployment Service (AppXSVC) improperly handles hard links. It allows a local attacker to run processes in an elevated context, allowing them to then install programs, and view, change or delete data, according to Microsoft.
Ancient ICEFOG APT malware spotted again in new wave of attacks
Malware developed by Chinese state-sponsored hackers that was once thought to have disappeared has been recently spotted in new attacks, in an updated and more dangerous form. Spotted by FireEye senior researcher Chi-en (Ashley) Shen, the malware is named ICEFOG (also known as Fucobha). It was initially used by a Chinese APT (advanced persistent threat, a technical term for state-sponsored hacking units), also named ICEFOG, whose operations were first detailed in a Kaspersky report in September 2013.
Data breach at Marimekko's online store: data entered by more than 1,500 users was collected without authorization
The intruder may have obtained data entered by users who shopped on the site during the breach, such as delivery and billing addresses and the online store's login credentials, Marimekko's Director of Digital Business Kari Härkönen says by e-mail.
PHA Family Highlights: Triada
We continue our PHA family highlights series with the Triada family, which was first discovered early in 2016. The main purpose of Triada apps was to install spam apps on a device that then display ads. The creators of Triada collected revenue from the ads displayed by the spam apps. The methods Triada used were complex and unusual for these types of apps. Triada apps started as rooting trojans, but as Google Play Protect strengthened defenses against rooting expl.
Someone slipped a vuln into crypto-wallets via an NPM package. Then someone else siphoned off $13m in coins to protect it from thieves
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime. In 2012, a group of cybersecurity researchers and social scientists studied the impact of cybercrime and its cost to society, concluding that the money spent anticipating an attack is less effective than money spent responding to an attack. This week, many of the same researchers released an updated paper at the Workshop on the Economics of Information Security (WEIS) conference, in Cambridge, Mass., that looks at direct and indirect damages due to cybercrime,
The Endless Scourge of Malicious Email
There is no question that unwanted email is a source of annoyance. It is also the biggest source of cyber threats. In fact, just last month, spam accounted for 85 percent of all email sent. Plus, according to Verizon's 2018 Data Breach Investigations Report, email is the number one vector for both malware distribution (92.4 percent) and phishing (96 percent). Attackers know that, unfortunately, this channel just works. Because email forces the user to stop and at least scan every message they receive, it presents the perfect opportunity to serve up malicious links and file attachments that people in a hurry sometimes mistakenly click on. Phishing and social engineering have gotten so sophisticated that it can be hard for even cyber-savvy users to discern the legitimate from the malicious.
Hackers selling services to target FTSE companies
The number of hacking tools that can be used against FTSE 100 and Fortune 500 companies is on the rise on the dark net, new research has warned. A report from Bromium found four in ten vendors on the dark net are selling targeted hacking services, which it claims translates to a 20 per cent rise compared to the same period three years ago. The price varies significantly, from $150 to $10,000, and mostly depends on the target company, and the plan to which
Cathay Pacific’s unpatched decade-old vulnerability led to 2018 breach
The Hong Kong Privacy Commissioner for Personal Data Stephen Kai-yi Wong released a report [PDF] on Thursday detailing his findings relating to the Cathay Pacific breach disclosed in October that affected 9.4 million people. In his report, Wong spelled out how a pair of groups had targeted the airline, with the first dropping a keylogger onto a reporting system in October 2014 that harvested credentials and allowed them to move laterally through the network and gather other credentials before ceasing on March 22, 2018. The report said Cathay is not aware of how this group entered the system.
AMCA Healthcare Hack Widens Again, Reaching 20.1M Victims
The hack of the American Medical Collection Agency (AMCA), a third-party bill collection vendor, continues to expand, now impacting 20.1 million patients across three laboratory services providers. In the wake of revelations that the personal data of 12 million patients from Quest Diagnostics had been potentially compromised by an infiltration of AMCA systems, another 7.7 million patients from LabCorp were shown on Wednesday to be impacted. And 400,000 victims from OPKO Health have now been added to the tally as of Thursday.
New Mirai Variant Adds 8 New Exploits, Targets Additional IoT Devices
Palo Alto Networks Unit 42 has been tracking the evolution of the Mirai malware, known for targeting embedded devices with the primary intent of launching DDoS attacks and self-propagation, since 2016, when it took down several notable targets. As part of this ongoing research, we've recently discovered a new variant of Mirai that has eight new exploits against a wide range of embedded devices. These newly targeted devices range from wireless presentation systems to set-top boxes, SD-WANs, and even smart home controllers.