BianLian Ransomware Encrypts Files in the Blink of an Eye
BianLian is a financially motivated threat actor that targets a wide range of industries. It uses the exotic programming language “Go” to encrypt files with unusual speed.
Prime minister links drones over Norway to ‘hybrid threats’
Norwegian police and military were busy again this week investigating more unidentified drones seen flying over critical energy infrastructure. After a Russian man was arrested for trying to leave Norway with two drones containing lots of pictures, Prime Minister Jonas Gahr Støre likened the incidents to a new form of “hybrid threats.”
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.
New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
ThreatLabz has discovered, hiding in app stores, a PHP variant of the Ducktail infostealer used to hijack Facebook Business accounts.
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
- Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities. * The Alchimist has a web interface in Simplified Chinese with remote administration features. * The attack framework is designed to target Windows, Linux and Mac machines. * Alchimist and Insekt binaries are implemented in GoLang. * This campaign consists of additional bespoke tools such as a MacOS exploitation tool, a custom backdoor and multiple off-the-shelf tools such as reverse proxies.
On Bypassing eBPF Security Monitoring
There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons
Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike
We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.
POLONIUM targets Israel with Creepy malware
ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.
Malicious WhatsApp mod distributed through legitimate apps
The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app's internal store.
Ransomware : qui paie et pourquoi ?
Assurément passionné, le débat sur l’indemnisation des rançons par les assurances cyber souffre d’absents majeurs : les victimes de cyberattaque avec ransomware ayant cédé au chantage. Mais qui sont-elles ?
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
Bad actors are using a shared Phishing-as-a-Service platform called “Caffeine”.
New US Executive Order unlikely to satisfy EU law
Today, the US government published an executive order, allegedly limiting US surveillance. This is a first statement by noyb.
Fake Ransomware Infection Under widespread
Cyble Research and Intelligence Labs analyzes Fake ransomware, a destructive malware capable of wiping out system drives.
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.
On Agent Compromise in the Field
In 2017, a team of New York Times journalists revealed that, beginning in 2010, Beijing’s counterintelligence apparatus had systematically rolled up the CIA’s sources in China.
Major Mexican Government Hack Reveals Military Abuse and Spying
Hackers infiltrated the Mexican Defense Ministry, publishing millions of emails that detail the military’s growing influence over the civilian government.
Hackers release data after LAUSD refuses to pay ransom
Hackers released data from Los Angeles Unified School District on Saturday, a day after Supt. Alberto Carvalho said he would not negotiate with or pay a ransom to the criminal syndicate.
The Majority of PostgreSQL Servers on the Internet are Insecure
At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.
Fake CISO Profiles on LinkedIn Target Fortune 500s
Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may…
Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)
Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.
White House announces new surveillance guardrails to meet EU Privacy Shield expectations
The executive order will give EU citizens redress for intelligence collection that violates U.S. laws.
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.
CVE-2022-41352
On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…
Man arrested for alleged data breach SMS scam
A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.
MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…
Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…
How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000
For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability
MAR-10365227-3.v1 China Chopper Webshells
CISA analyzed 15 files associated with China Chopper malware. The files are modified Offline Address Book (OAB) Virtual Directory (VD) configuration files for Microsoft Exchange servers. The files have been modified with a variant of the China Chopper webshell. The webshells allow an attacker to remotely access the server and execute arbitrary code on the system(s).referenced in this bulletin or otherwise.