FBI Statement on Incident Involving Fake Emails
www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails The FBI is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails. No actor was able to access or compromise any data or PII on the FBI's network.
Emotet botnet returns after law enforcement mass-uninstall operation
therecord.media/emotet-botnet-returns-after-law-enforcement-mass-uninstall-operation/ The Emotet malware botnet is back up and running once again, almost ten months after an international law enforcement operation took down its command and control servers in January this year.
New Microsoft emergency updates fix Windows Server auth issues
www.bleepingcomputer.com/news/microsoft/new-microsoft-emergency-updates-fix-windows-server-auth-issues/ Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DCs) running supported versions of Windows Server.
Uncovering MosesStaff techniques: Ideology over Money
research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/ In September 2021, the hacker group MosesStaff began targeting Israeli organizations, joining a wave of attacks started about a year ago by the Pay2Key and BlackShadow groups. Those actors operated mainly for political reasons, in an attempt to create noise in the media and damage the country's image, demanding money and conducting lengthy and public negotiations with the victims.
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits AT&T Alien Labs has found new malware written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential to target millions of routers and IoT devices.
7 million Robinhood user email addresses for sale on hacker forum
www.bleepingcomputer.com/news/security/7-million-robinhood-user-email-addresses-for-sale-on-hacker-forum/ The data of approximately 7 million Robinhood customers, stolen in a recent data breach, is being sold on a popular hacking forum and marketplace.
A new Android banking trojan named SharkBot is making its presence felt
therecord.media/a-new-android-banking-trojan-named-sharkbot-is-makings-its-presence-felt/ Security researchers have discovered a new Android banking trojan capable of hijacking users' smartphones and emptying out e-banking and cryptocurrency accounts.
China's cyber watchdog unveils new draft data management regulations
therecord.media/chinaa-cyber-watchdog-unveils-new-draft-data-management-regulations/ The Cyberspace Administration of China, the nation's cybersecurity watchdog, issued a set of draft regulations on Sunday aimed at protecting the nation's internet data security.
North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro
thehackernews.com/2021/11/north-korean-hackers-target.html Lazarus, the North Korea-affiliated state-sponsored group, is once again attempting to target security researchers with backdoors and remote access trojans, this time using a trojanized pirated version of the popular IDA Pro reverse engineering software.
Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic
thehackernews.com/2021/11/researchers-demonstrate-new.html A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it’s possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.
How Attackers Exploit the Remote Desktop Protocol
Exchange Exploit Leads to Domain Wide Ransomware
thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/ We observed an intrusion in which an adversary exploited multiple Exchange vulnerabilities (ProxyShell) to drop multiple web shells. Over the course of three days, three different web shells were dropped in publicly accessible directories. Exposed to the internet, these web shells were used to execute arbitrary code on the Microsoft Exchange Server via PowerShell and cmd.
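As an added illustration of the check this entry points at (example code written for this digest, not code from The DFIR Report): a hunt over the web-accessible script directories of an Exchange server that flags server-side script files written after a known-good baseline, or containing shell-like code regardless of timestamp, since attackers timestomp dropped files. The directory layout, file names, baseline and content patterns are assumptions constructed for the example; the block builds its own temporary tree so it runs offline.

```python
"""Hunt for web shells in web-accessible Exchange script directories.

Added illustration, not code from The DFIR Report. Directory names, file
names and content patterns are assumptions chosen for the example.
"""
import os
import re
import tempfile
import time
from dataclasses import dataclass, field

# File types IIS executes server-side; a web shell has to be one of these.
EXECUTABLE_EXTS = (".aspx", ".ashx", ".asmx", ".asax", ".ascx")

# Content signals typical of ASP.NET web shells (assumed, not from the post).
SHELL_PATTERNS = {
    "process-launch": re.compile(rb"ProcessStartInfo|Process\.Start\s*\(", re.I),
    "shell-binary": re.compile(rb"cmd\.exe|powershell(?:\.exe)?", re.I),
    "eval": re.compile(rb"\beval\s*\(", re.I),
}


@dataclass
class Finding:
    path: str
    mtime: float
    reasons: list = field(default_factory=list)


def hunt_webshells(roots, baseline_ts):
    """Return a Finding for every server-side script under *roots* that was
    written after *baseline_ts* (epoch seconds) or matches a shell pattern.
    Content is checked even for old files because mtime can be forged."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(EXECUTABLE_EXTS):
                    continue
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                reasons = []
                if st.st_mtime > baseline_ts:
                    reasons.append("written-after-baseline")
                with open(path, "rb") as fh:
                    data = fh.read()
                reasons += [tag for tag, rx in SHELL_PATTERNS.items() if rx.search(data)]
                if reasons:
                    findings.append(Finding(path, st.st_mtime, reasons))
    # Strongest signal first; ties broken by most recent write.
    findings.sort(key=lambda f: (-len(f.reasons), -f.mtime))
    return findings


def summarize(root, findings):
    """Map each finding's path relative to *root* to its sorted reasons."""
    return {os.path.relpath(f.path, root).replace(os.sep, "/"): sorted(f.reasons)
            for f in findings}


def build_fixture():
    """Constructed sample tree standing in for an Exchange FrontEnd share.
    Returns (root, baseline_ts). Every path and file body is made up."""
    root = tempfile.mkdtemp(prefix="exch-")
    now = time.time()
    old = now - 400 * 86400        # shipped with the product long ago
    baseline = now - 3 * 86400     # e.g. the last known-good patch date

    def write(rel, body, mtime):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(body)
        os.utime(p, (mtime, mtime))

    # Legitimate old page with nothing shell-like in it.
    write("owa/auth/logon.aspx", b'<%@ Page Language="C#" %><html>logon</html>', old)
    # Dropped shell: new file that runs attacker-supplied commands through cmd.
    write("aspnet_client/x.aspx",
          b'<%@ Page Language="C#" %><% var p = new System.Diagnostics.ProcessStartInfo('
          b'"cmd.exe", "/c " + Request["c"]); System.Diagnostics.Process.Start(p); %>', now)
    # Timestomped shell: mtime pushed back, but the eval() still gives it away.
    write("ecp/auth/help.aspx",
          b'<%@ Page Language="JScript" %><% eval(Request.Item["a"], "unsafe"); %>', old)
    # Recently written but benign: surfaced as new only, for an analyst to triage.
    write("owa/auth/custom.aspx", b'<%@ Page Language="C#" %><html>banner</html>', now)
    # Static content is never executed by IIS, so it is ignored even when new.
    write("aspnet_client/readme.txt", b"cmd.exe powershell", now)
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_fixture()
    for rel, reasons in summarize(root, hunt_webshells([root], baseline)).items():
        print(rel, reasons)
```

On a real server the roots would be the FrontEnd HttpProxy virtual directories and the IIS wwwroot, and the baseline the last patch or backup time; anything the hunt surfaces still needs the IIS access logs to confirm whether the file was ever requested from the internet.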
We wait, because we know you. Inside the ransomware negotiation economics.
Alibaba ECS instances actively hijacked by cryptomining malware
www.bleepingcomputer.com/news/security/alibaba-ecs-instances-actively-hijacked-by-cryptomining-malware/ Threat actors are hijacking Alibaba Elastic Compute Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit.
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyberattacks
www.truesec.com/hub/blog/proxyshell-qbot-and-conti-ransomware-combined-in-a-series-of-cyber-attacks We are investigating a series of cyberattacks that result in encryption with the Conti ransomware. This post describes some of the indicators that can be used to detect these attacks.