Holy water: ongoing targeted water-holing attack in Asia
securelist.com/holy-water-ongoing-targeted-water-holing-attack-in-asia/96311/ The threat actors unsophisticated but creative toolset has been evolving a lot since the inception date, may still be in development, and leverages Sojson obfuscation, NSIS installer, Python, open-source code, GitHub distribution, Go language, as well as Google Drive-based C2 channels.
Zoom Client Leaks Windows Login Credentials to Attackers
www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/ The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.. See also:
42 million Iranian Telegram user IDs and phone numbers leaked online: report
www.comparitech.com/blog/information-security/iranian-telegram-accounts-leaked/ 42 million records from a third-party version of messaging app Telegram used in Iran was exposed on the web without any authentication required to access it. Comparitech worked with security researcher Bob Diachenko to uncover and report the exposure, which included usernames and phone numbers, among other data.
SilverTerrier: 2019 Nigerian Business Email Compromise Update
unit42.paloaltonetworks.com/silverterrier-2019-update/ In 2019, Business Email Compromise (BEC) maintained its rankings as both the most profitable and the most prominent threat facing our customers. According to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3), which recently released its annual report, US$1.77 billion in losses were attributed to BEC attacks over the course of 2019. This number dwarfed losses associated
Attacks involving the Mespinoza/Pysa ransomware
www.cert.ssi.gouv.fr/cti/CERTFR-2020-CTI-003/ In the past few weeks, ANSSI became aware of cyber attacks targeting French local authorities. These attacks involved ransomwares whose use resulted in several encrypted files. The origin of these attacks is still unknown, and investigations are in progress. However, ransomware attacks are usually opportunistic and driven by a lucrative purpose.
THE VOLLGAR CAMPAIGN: MS-SQL SERVERS UNDER ATTACK
www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/ Guardicore Labs team has recently uncovered a long-running attack campaign which aims to infect Windows machines running MS-SQL servers. Dating back to May 2018, the campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. We dubbed the campaign Vollgar after
Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Heres what to do
www.microsoft.com/security/blog/2020/04/01/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do/ As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.
Trickbot: A primer
blog.talosintelligence.com/2020/03/trickbot-primer.html In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat landscape. It has gone through a diverse set of changes since it was first discovered in 2016, including adding features that focus on Windows 10 and modules that target point of sale (POS) systems. Not only does it function as a standalone trojan, Trickbot is also . commonly used as a dropper for other malware such as the Ryuk ransomware. The wide range of functionality allows this malware to adapt to different environments and maximize effectiveness in a compromised network.