Cybercrime

August 21, 2019

Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group’s most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 ...

August 21, 2019

A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies revealed today. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users ...

August 20, 2019

Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project’s maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build ...

August 20, 2019

Newly registered domains (NRDs) are known to be favored by threat actors to launch malicious campaigns. Academic and industry research reports have shown statistical proof that NRDs are risky, revealing malicious usage of NRDs including phishing, malware, and scam. Therefore, best security practice calls for blocking and/or closely monitoring NRDs in enterprise traffic. Despite the evidence, there hasn’t yet ...

August 19, 2019

A detailed look at underground forums shows that cybercriminals aren’t sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains. Ransomware continues to be a top threat, with Friday’s ransomware attack on 23 Texas local government and agencies and two ...

August 19, 2019

Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware ...

August 19, 2019

The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics. While previously they hacked legitimate websites to hijack download links infected with malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims’ computers. This allows them to focus ...

August 18, 2019

Twenty-three local Texas governments have been infected with ransomware last week in what Texas officials have described as a coordinated attack. The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR). DIR officials did not pubish ...

August 16, 2019

The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the ...

August 15, 2019

The DanaBot banking Trojan is on the move and has traveled across the sea in a pivot from its original focus on Australia to strike European targets. DanaBot was first discovered by Proofpoint researchers last year. The malware was observed striking Australian targets of financial value, but at the time, DanaBot appeared to come from only one threat ...