What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-01-06 18:27:00 | Investigation Launched into RIPTA Data Breach (lien direct) | Rhode Island attorney general to probe data breach of the Ocean State's public transit authority | Data Breach | APT 32 | |
 |
2021-11-16 17:34:00 | Anomali Cyber Watch: REvil Affiliates Arrested, Electronics Retail Giant Hit By Ransomware, Robinhood Breach, Zero Day In Palo Alto Security Appliance and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data breach, Data leak, Malspam, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
(published: November 8, 2021)
US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert about advanced persistent threat (APT) actors exploiting vulnerability in self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. PaloAlto, Microsoft & Lumen Technologies did a joint effort to track, analyse and mitigate this threat. The attack deployed a webshell and created a registry key for persistence. The actor leveraged leased infrastructure in the US to scan hundreds of organizations and compromised at least nine global organizations across technology, defense, healthcare and education industries.
Analyst Comment: This actor has used some unique techniques in these attacks including: a blockchain based legitimate remote control application, and credential stealing tool which hooks specific functions from the LSASS process. It’s important to make sure your EDR solution is configured to and supports detecting such advanced techniques in order to detect such attacks.
MITRE ATT&CK: [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Ingress Tool Transfer - T1105 | [MITRE ATT&CK] Scripting - T1064 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Application Layer Protocol - T1071 | [MITRE ATT&CK] Credentials in Files - T1081 | [MITRE ATT&CK] Brute Force - T1110 | [MITRE ATT&CK] Data Staged - T1074 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Hooking - T1179 | [MITRE ATT&CK] Registry Run Keys / Startup Folder - T1060 | [MITRE ATT&CK] Pass the Hash - T1075
Tags: Threat Group 3390, APT27, TG-3390, Emissary Panda, WildFire, NGLite backdoor, Cobalt Strike, Godzilla, PwDump, beacon, ChinaChopper, CVE-2021-40539, Healthcare, Military, North America, China
REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom
(published: November 9, 2021)
A 22 year old Ukranian national named Yaroslav Vasinskyi, has been charged with conducting ransomware attacks by the U.S Department of Justice (DOJ). These attacks include t |
Ransomware Data Breach Malware Tool Vulnerability Threat Medical | APT 38 APT 27 APT 1 | |
|
2021-06-29 16:29:00 | Anomali Cyber Watch: Microsoft Signs Malicious Netfilter Rootkit, Ransomware Attackers Using VMs, Fertility Clinic Hit With Data Breach and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, NetFilter, Ransomware, QBot, Wizard Spider, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Microsoft Signed a Malicious Netfilter Rootkit
(published: June 25, 2021)
Security researchers recently discovered a malicious netfilter driver that is signed by a valid Microsoft signing certificate. The files were initially thought to be a false positive due to the valid signing, but further inspection revealed that the malicious driver called out to a Chinese IP. Further research has analyzed the malware, dropper, and Command and Control (C2) commands. Microsoft is still investigating this incident, but has clarified that they did approve the signing of the driver.
Analyst Comment: Malware signed by a trusted source is a threat vector that can be easily missed, as organizations may be tempted to not inspect files from a trusted source. It is important for organizations to have network monitoring as part of their defenses. Additionally, the signing certificate used was quite old, so review and/or expiration of old certificates could prevent this malware from running.
MITRE ATT&CK: [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] Install Root Certificate - T1130
Tags: Netfilter, China
Dell BIOSConnect Flaws Affect 30 Million Devices
(published: June 24, 2021)
Four vulnerabilities have been identified in the BIOSConnect tool distributed by Dell as part of SupportAssist. The core vulnerability is due to insecure/faulty handling of TLS, specifically accepting any valid wildcard certificate. The flaws in this software affect over 30 million Dell devices across 128 models, and could be used for Remote Code Execution (RCE). Dell has released patches for these vulnerabilities and currently there are no known actors scanning or exploiting these flaws.
Analyst Comment: Any business or customer using Dell hardware should patch this vulnerability to prevent malicious actors from being able to exploit it. The good news is that Dell has addressed the issue. Patch management and asset inventories are critical portions of a good defense in depth security program.
MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Peripheral Device Discovery - T1120
Tags: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574, Dell, BIOSConnect
Malicious Spam Campaigns Delivering Banking Trojans
(published: June 24, 2021)
Analysis from two mid-March 2021 spam campaignts revealed that th |
Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching | APT 30 | |
|
2021-06-22 18:18:00 | Anomali Cyber Watch: Klingon RAT Holding on for Dear Life, CVS Medical Records Breach, Black Kingdom Ransomware and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Black Kingdom, Darkside, Go, Klingon Rat, Microsoft PowerApps, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Andariel Evolves to Target South Korea with Ransomware
(published: June 15, 2021)
Researchers at securelist identified ransomware attacks from Andariel, a sub-group of Lazarus targeting South Korea. Attack victims included entities from manufacturing, home network service, media and construction sectors. These attacks involved malicious Microsoft Word documents containing a macro and used novel techniques to implant a multi-stage payload. The final payload was a ransomware custom made for this specific attack.
Analyst Comment: Users should be wary of documents that request Macros to be enabled. All employees should be educated on the risk of opening attachments from unknown senders. Anti-spam and antivirus protections should be implemented and kept up-to-date with the latest version to better ensure security.
MITRE ATT&CK: [MITRE ATT&CK] System Network Connections Discovery - T1049 | [MITRE ATT&CK] Process Discovery - T1057 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Standard Non-Application Layer Protocol - T1095 | [MITRE ATT&CK] Exfiltration Over Command and Control Channel - T1041 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Lazarus group, Lazarus, Andariel, Hidden Cobra, tasklist, Manuscrypt, Banking And Finance, Malicious documents, Macros
Matanbuchus: Malware-as-a-Service with Demonic Intentions
(published: June 15, 2021)
In February 2021, BelialDemon advertised a new malware-as-a-service (MaaS) called Matanbuchus Loader and charged an initial rental price of $2,500. Malware loaders are malicious software that typically drop or pull down second-stage malware from command and control (C2) infrastructures.
Analyst Comment: Malware as a Service (MaaS) is a relatively new development, which opens the doors of crime to anyone with the money to pay for access. A criminal organization that wants to carry out a malware attack on a target no longer requires in-house technical expertise or infrastructure. Such attacks in most cases share tactics, techniques, and even IOCs. This highlights the importance of intelligence sharing for proactive protection.
MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016
Tags: BelialDemon, Matanbuchus, Belial, WildFire, EU, North America
Black Kingdom ransomware
(published: June 17 |
Ransomware Data Breach Malware Vulnerability Threat Medical | APT 38 APT 28 | |
 |
2021-04-30 07:30:29 | DigitalOcean admits data breach exposed customers\' billing details (lien direct) | DigitalOcean, the popular cloud-hosting provider, has told some of its customers that their billing details were exposed due to what it described as a "flaw." Read more in my article on the Hot for Security blog. | Data Breach | APT 32 | |
 |
2021-04-28 16:09:13 | DigitalOcean data breach exposes customer billing information (lien direct) | Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers' billing information. [...] | Data Breach | APT 32 | |
|
2021-04-22 08:30:22 | Smashing Security podcast #224: The Lazarus Heist, Facebook faux pas, and no-cost security (lien direct) | Facebook has managed to do the seemingly impossible - and had a data breach about its handling of a data breach. Meanwhile, we chat to the host of the brand new podcast about North Korea's hackers targeting the rest of the world, and discuss if an intern can be trusted to monitor your security. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Geoff White and featuring an interview with Duo's Helen Patton. | Data Breach | APT 38 APT 28 | |
 |
2020-06-12 12:17:52 | (Déjà vu) Insurance firm discloses data breach (lien direct) | Fortune 500 insurance holding company Genworth Financial disclosed a data breach after an unauthorized party gained access to insurance agents’ online accounts using compromised login credentials. The U.S. mortgage and long term care insurer had revenue of $8,6 billion during the last fiscal year and it reached a deal with China Oceanwide Holdings Group that […] | Data Breach | APT 32 | |
 |
2020-05-10 14:50:19 | DigitalOcean Admits Of Data Breach After Leaving Internal Document Online (lien direct) | DigitalOcean, the world's leading web hosting platform, has confirmed that it exposed customer data after it accidentally left an internal Digital Ocean document online, according to a report from The Hacker News. According to the breach notification email sent to affected customers, the data leak took place when a DigitalOcean-owned document from 2018 was unintentionally […] | Data Breach Guideline | APT 32 | |
 |
2019-04-11 13:00:03 | Protect Your Business by Managing Network Security from the Palm of Your Hand (lien direct) | by Russ Schafer, Head of Product Marketing, Security Platforms, published April 11th 2019 Next generation cyber security attacks can happen at any time to any size business, so you need to be prepared to react immediately. Based on the 2018 Verizon Data Breach report, 58% of security breach victims are categorized as small… | Data Breach Prediction | APT 39 | |
 |
2019-03-28 09:11:00 | APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability (lien direct) | Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach Vulnerability | APT33 APT 33 | |
 |
2019-01-08 14:00:00 | 2018 Sees Record Number of Online Retail Data Breaches (lien direct) | During the holiday season people logged on to make purchases through online retailers, like no other time of the year. While there was significant growth in many segments of society on a global scale in 2018, we also saw a significant increase in online retail breaches where personally identifiable information was compromised at an alarming rate. With more and more people using online services for everything from ordering perishable food products to plane tickets and hotel reservations, 2018 proved to be a huge year for online/cybercriminals. Here are some facts around some of the largest and most far-reaching retail breaches of 2018: Data breaches are on the rise, and the total number of accounts breached has become ridiculously high. A report from cybersecurity firm Shape Security showed that almost 90% of the login attempts made on online retailers' websites are hackers using stolen data. Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers. Dozens of security breaches have occurred in 2018. Many of them were caused by flaws in payment systems, either online or in stores. Data breaches are on the rise for both retailers and other businesses. These data breaches are a real danger for both companies and customers and can affect the trust shoppers have in brands. According to a study by KPMG, 19% of consumers would completely stop shopping at a retailer after a breach, and 33% would take a break from shopping there for an extended period. Example Breaches Cheddar's Scratch Kitchen Darden Restaurant announced it was notified by government officials on August 16 that it had been the victim of a cyber attack. Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017, and January 2, 2018, may have had their credit-card information stolen. Darden estimates that 567,000 payment card numbers could have been compromised. Customers affected would have visited a Cheddar's location in any one of these states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin. Macy's Macy's confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26 and June 12 could have had their personal information and credit card details exposed to a third party. Macy's did not confirm exactly how many people were impacted. However, a spokesperson for the company said the breach was limited to a small group of people. Macy's said in a statement: "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy's, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services." Adidas Adidas announced in June& | Data Breach Threat | Heritage APT 3 | |
 |
2018-06-27 17:57:01 | Another Local Government Agency Hacked (lien direct) | The latest local government data breach has occurred in Midland, Texas where hackers leveraged a vulnerability in Superion's Click2Gov function in the payment server used to make online payments for utilities. Other cities might be affected as well including Beaumont, California, Oceanside California and Goodyear, Arizona. Ryan Wilk, VP of Customer Success: “Hackers will leverage … The ISBuzz Post: This Post Another Local Government Agency Hacked | Data Breach Vulnerability | APT 32 |
1
We have: 13 articles.
We have: 13 articles.
To see everything:
Our RSS (filtrered)
