News


  • REvil Group Claims Slew of Ransomware Attacks

    March 12, 2021

    The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two ...

  • New ZHtrap botnet malware deploys honeypots to find more targets

    March 12, 2021

    A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect. The malware, dubbed ZHtrap by the 360 Netlab security researchers who spotted it, is loosely based on Mirai’s source code, and it comes with support for x86, ARM, MIPS, and other ...

  • Threat Assessment: DearCry Ransomware

    March 12, 2021

    Last week, Microsoft reported that attackers compromised Exchange Mail Servers with the use of four zero-day vulnerabilities. While patches have been released by Microsoft, adversaries are still attacking vulnerable versions of Microsoft Exchange Servers with malicious tools, malware and data exfiltration. Further, Microsoft has confirmed the existence of a ransomware variant leveraging these vulnerabilities, which ...

  • Security and Privacy of COVID-19 Contact-Tracing Apps

    March 12, 2021

    Symantec analyzed the top 25 COVID-19 national contact-tracing apps to see which follow security and privacy best practices. Unfortunately, in this new COVID-19 era it’s not just our computers we have to protect from infection, but also ourselves and our loved ones. Along with social distancing, wearing a mask, and washing our hands, technology is also ...

  • Good old malware for the new Apple Silicon platform

    March 12, 2021

    A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the ...

  • No Laughing Matter: Joker’s Latest Ploy

    March 12, 2021

    Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent. Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google has removed more than ...

  • Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors

    March 11, 2021

    Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group. Hafnium is a group of cyberattackers originating from China. The collective recently came into the spotlight due to Microsoft linking them to recent attacks exploiting four zero-day vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — in Microsoft Exchange Server. Microsoft ...

  • The Future of P2P IoT Botnets

    March 11, 2021

    The internet of things (IoT) has created a new domain for botnet developers to compete and thrive in. Already, there they battle one another for devices while their victims contend with persisting infections. But the involvement of a well-known file-sharing technology, peer-to-peer (P2P) networking, into the mix can further complicate matters. A typical IoT botnet consists ...

  • Microsoft Exchange Servers Face APT Attack Tsunami

    March 11, 2021

    Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions ...

  • NimzaLoader malware was written in an unusual programming language to stop it from being detected

    March 11, 2021

    A prolific cyber criminal hacking operation is distributing new malware which is written in a programming language rarely used to compile malicious code. Dubbed NimzaLoader by cybersecurity researchers at Proofpoint, the malware is written in Nim – and it’s thought that those behind the malware have decided to develop it this way in the hopes that ...

  • Linux Systems Under Attack By New RedXOR Malware

    March 11, 2021

    Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group. The backdoor is called RedXOR – in part because its network data-encoding scheme is based on the XOR encryption algorithm, and in part because its samples were found on an old release of the Red Hat Enterprise Linux ...

  • Molson Coors discloses cyberattack disrupting its brewery operations

    March 11, 2021

    Brewing giant Molson Coors disclosed Thursday that it has experienced a “cybersecurity incident” that has disrupted operations and beer production. In a Form-8K filed with the SEC today, Miller Coors said it’s bringing in an outside forensic IT firm to investigate the breach, but that delays in shipments were likely as it works to bring ...

  • F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws

    March 11, 2021

    F5 Networks has pushed out patches to tackle four critical vulnerabilities in BIG-IP, one of which can be exploited for unauthenticated remote code execution (RCE) attacks. The enterprise networking provider’s BIG-IP applications are enterprise-grade, modular software suites designed for data and app delivery, load balancing, traffic management, and other business functions. F5 says that 48 out of ...

  • TrickBot Takes Over, After Cops Kneecap Emotet

    March 11, 2021

    A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of the Check Point’s list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point’s list, and it was fourth overall for 2020, while the No. 1 malware, ...

  • Ryuk ransomware hits 700 Spanish government labor agency offices

    March 10, 2021

    The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. “Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually ...

  • Russia: Majority of governmental agencies’ websites go live after failure

    March 10, 2021

    Websites of the majority of Russian government authorities have recovered after the failure occurred on Wednesday. Websites of the Kremlin, the government, Russian media watchdog, Ministry of Industry and Trade, Ministry of Economic Development, Security Council and Russian Investigative Committee resumed operations. Furthermore, the State Duma and the Ministry of the Interior websites restarted operations earlier. It was ...

  • Europol: New Major Interventions To Block Encrypted Communications Of Criminal Networks

    March 10, 2021

    Judicial and law enforcement authorities in Belgium, France and the Netherlands have in close cooperation enabled major interventions to block the further use of encrypted communications by large-scale organised crime groups (OCGs), with the support of Europol and Eurojust. The continuous monitoring of the criminal use of the Sky ECC communication service tool by investigators ...

  • WaterISAC: 15 Security Fundamentals You Need to Know

    March 10, 2021

    Attacks such as the one at Oldsmar highlight the need for water facilities to continue honing their ability to defend themselves against digital attacks. Towards that aim, they can use WaterISAC’s guidelines for water and wastewater utilities. The security fundamentals covered in those guidelines include the following: Asset Inventory Database You can’t protect what you don’t know you ...

  • OVH data center burns down knocking major sites offline

    March 10, 2021

    In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. OVH is the largest hosting provider in Europe and the third-largest in the world. The cloud computing company provides VPS, dedicated servers, and other web services. Customers are being advised by the company to enact their disaster recovery plans ...

  • GandCrab ransomware affiliate arrested for phishing attacks

    March 9, 2021

    A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. The GandCrab ransomware operation started in January 2018 when it quickly became a malware empire threatening businesses worldwide. Operated as a Ransomware-as-a-Service (RaaS), the GandCrab developers teamed up with affiliates in a revenue share partnership, with affiliates earning between 70-80% ...