CISA Identifies SUPERNOVA Malware During Incident Response
us-cert.cisa.gov/ncas/analysis-reports/ar21-112a SUPERNOVA is a malicious webshell backdoor that allows a remote operator to dynamically inject C# source code into a web portal to subsequently inject code. APT actors use SUPERNOVA to perform reconnaissance, conduct domain mapping, and steal sensitive information and credentials.
SolarWinds hack analysis reveals 56% boost in command server footprint
www.zdnet.com/article/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint/ A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed.
Researchers Find Additional Infrastructure Used By SolarWinds Hackers
thehackernews.com/2021/04/researchers-find-additional.html The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure. So much so that Microsoft went on to call the threat actor behind the campaign “skillful and methodic operators who follow operations security (OpSec) best practices to minimize traces, stay under the radar, and avoid detection.” Also:
Internet of Threats: IoT Botnets Drive Surge in Network Attacks
securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/ As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019.
QNAP removes backdoor account in NAS backup, disaster recovery app
www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/ QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.
Remote access trojan exploits Telegram communications to steal data from victims and update itself to perform additional malicious activities
blog.checkpoint.com/2021/04/22/turning-telegram-toxic-new-toxiceye-rat-is-the-latest-to-use-telegram-for-command-control/ In this blog, we’ll explore why criminals are increasingly using Telegram for malware control, using the example of a new malware variant called ‘ToxicEye’ that we have recently observed in the wild. Also: threatpost.com/telegram-toxiceye-malware/165543/
Ransomware gang wants to short the stock price of their victims
therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/ The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets.
Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild
therecord.media/nightmare-week-for-security-vendors-now-a-trend-micro-bug-is-being-exploited-in-the-wild/ US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks.