Year: 2022

LockBit Ransomware Group is Formidable

LockBit has claimed to have stolen 76 gigabytes worth of confidential data, including financial and IT records, certifications, and legal documents, in an attack on California’s Department of Finance. While officials aren’t divulging much information, the LockBit group gave the department until December 24 to meet its demands. Or else, it threatened to leak the department’s […]

WAF Affected by Bypass Technique

Team82 research has found a generic bypass to industry-leading web application firewalls, including those used by Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva. Researchers found that an SQL injection (SQLi), when launched alongside JSON syntax, blinded most of these web application firewalls. Since cybercriminals can use this SQLi vulnerability “to […]

Phishing Attack Leads to Remote Admin Access

Iranian cybercrime group MuddyWater used legitimate companies’ emails in phishing attacks, Deep Instinct reported in their recent blog, New MuddyWater Threat: Old Kitten; New Tricks. The attackers tried to install malicious remote administration software on recipients’ systems by sending spam links as HTML attachments—a tactic to evade email security solutions. Since 2017, the group has targeted […]

Malicious Excel Add-in

Cisco Talos reports that advanced persistent threat actors and commodity malware families are using XLLs as an infection vector, and this number continues to grow. Since Microsoft has started rolling out versions of Office applications that block execution of any VBA macros by default, attackers have turned to abusing Add-ins. In terms of the file […]

Malicious PyPI Module Poses as Security SDK

A malicious Python package is posing as a software development kit (SDK) for the security firm SentinelOne, researchers at ReversingLabs discovered. The package, SentinelOne, has no connection to the noted threat detection firm of the same name and was first uploaded to PyPI, the Python Package Index, on Dec 11, 2022. It has been updated […]

Best Consumer Techs of the Year

Compiled by Tomshardware:
Best SSDs 2022: From Budget SATA to Blazing-Fast NVMe
Best Flash Drives: Fast, Roomy USB Storage in Your Pocket
Best External SSDs and Hard Drives of 2022
Best PC Cases 2022: Our Tested Picks for Your New Build
Best CPUs for Workstations 2022
Best Webcams of 2022
Best College Laptops: Tested Picks […]

How to Beef Up Microsoft 365 Security

Microsoft has long used a shared responsibility model for its various cloud services, including Microsoft 365. The model states that Microsoft is responsible only for securing its cloud infrastructure, which means users are responsible for securing their own data. The problem is that Microsoft 365 isn’t secure by default. So how do you get around this issue […]

Android Malware Infects 300,000 Facebook Users

Android malware dubbed Schoolyard Bully Trojan has infected and extracted information from over 300,000 devices in 71 countries since 2018, the mobile security firm Zimperium zLabs reported. The apps were marketed as educational on the Google Play Store and primarily targeted Facebook users in Vietnam. The report cautions that the apps, though now removed from the Google Play […]

Playing with PowerShell Variables

Declaring a variable in PowerShell is usually a simple matter. Just specify the variable name, an equal sign, and the value you want to assign to the variable. Then PowerShell will do the rest. Despite this simplicity, you can make working with variables easier with a few extra tricks. For instance, you can define constants and […]

Deconstructing Azov: Sophisticated Wiper

Azov first came to the attention of the information security community as a payload of the SmokeLoader botnet, commonly found in fake pirated software and crack sites. One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code. The modification of executables is done […]

Google Ads Pointing to Malware

Fake sites for popular software have been seen pushing IcedID malware (also known as Bokbot). Search Engine Optimization (SEO) is a technique that websites use to increase their visibility for search engines like Google. Cyber criminals occasionally use SEO to direct search traffic to malicious advertisement links. These ads redirect users to fake software sites […]

Meta-Phish: Phishing via Facebook

Trustwave SpiderLabs previously released two blogs about Facebook and Instagram phishing. The common denominator between these two articles is the use of phony notifications which lure victims into thinking that they have allegedly committed a violation of terms. The victim must then make an appeal through a crafted phishing page to avoid losing access to […]

Cuba Ransomware Analysis by Trend Micro

Trend Micro has observed a resurgence of Cuba ransomware activity in March and April 2022. It included a new variant that contained updates to the binary – particularly its downloader – that is believed to enhance efficiency, minimize unwanted system behavior, and even provide technical support to victims in case of negotiations. Cuba ransomware has […]

Supply Chain Attack with Different PyPI Methods

In the beginning of November, several malicious Python packages distributing the W4SP malware were found in the Python Package Index (PyPI) open source repository. These packages contain malicious code, hidden inside __init__.py or setup.py scripts, which downloads a stage 2 payload from a remote location. The stage 2 payload is the W4SP stealer, capable of stealing a wide […]

Recent Truebot Infections

Since August 2022, Talos has seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017, and researchers have linked it to a threat actor responsible for several high-impact attacks on financial institutions in several countries around the world. Recently, the attackers have shifted from using malicious emails […]

Guide to Cloud Data Security

Cloud storage is big, convenient, and here to stay. Unfortunately for many companies, cybercriminals are unrelenting in their effort to steal cloud data. For example, Cognyte, a cyber analytics firm, used third-party cloud software to store customer data. A misconfiguration in their cloud data security left one of their databases unsecured. As a result, criminals […]

Russian Gangs Obtain 50 Million Passwords

Group-IB, a cybersecurity company, has issued a press release reporting that 34 Russian cybercrime gangs have compromised 50 million accounts through a stealer-as-a-service scam. The scammers have stolen user passwords from sites like Steam and Roblox, and payment information and credentials from Amazon, PayPal, and cryptocurrency wallets. In total, the cybercriminals compromised over 890,000 devices in over 111 countries. Aside from looting passwords, […]

142 Scammers Arrested for Stealing $120 Million

Europol, in a joint operation with other international agencies, took down the iSpoof website, which was used to steal over $120 million in international scamming operations, an official press release by Europol said. The website provided criminals with technology to impersonate sources such as governments and banks, including Barclays, Santander, NatWest, and Nationwide. Later on, the police authorities confirmed that the number of […]

GoTo/LogMeIn Security Breach

GoTo (formerly LogMeIn) has issued a formal security breach notification through its blog, indicating that cybercriminals have gained access to its development environment and cloud storage facilities. LastPass, a subsidiary of GoTo, has also issued a similar update to customers. However, no passwords have been stolen and little or no sensitive data has been leaked, […]
