What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2021-08-03 19:15:08 CVE-2021-33320 (direct link) The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails Spam
Anomali.webp 2021-08-03 15:00:00 Anomali Cyber Watch: LockBit ransomware, Phony Call Centers Lead to Exfiltration and Ransomware, VBA RAT using Double Attack Vectors, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android malware, APT, Data leak, macOS malware, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence BazaCall: Phony Call Centers Lead to Exfiltration and Ransomware (published: July 29, 2021) BazaCall campaigns have forgone malicious links or attachments in email messages in favor of phone numbers that recipients are misled into calling. Actual humans then provide the callers with step-by-step instructions for installing malware. The BazaLoader payload from these campaigns also gives a remote attacker hands-on-keyboard control on an affected user's device, which allows for a fast network compromise. The lack of obvious malicious elements in the delivery methods could render typical ways of detecting spam and phishing emails ineffective. Analyst Comment: All users should be informed of the risk phishing poses, and how to safely make use of email. They should take notice that a phone number sent to them can be fraudulent too. In the case of infection, the affected system should be wiped and reformatted, and if at all possible the ransom should not be paid. Implement a backup solution for your users to ease the pain of losing sensitive and important data.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Credential Dumping - T1003 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 Tags: BazaCall, Bazaar, Ransomware Crimea “Manifesto” Deploys VBA Rat Using Double Attack Vectors (published: July 29, 2021) Hossein Jazi has identified a suspicious document named "Манифест". It downloads and executes two templates: one is macro-enabled and the other is an Internet Explorer exploit. While both techniques rely on template injection to drop a full-featured Remote Access Trojan, the IE exploit is an unusual discovery. Analyst Comment: Files that request content be enabled to properly view the document are often signs of a phishing attack. If such a file is sent to you via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Template Injection - T1221 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Modify Registry - T1112 Tags: VBA, Russia, RAT, CVE- Ransomware Data Breach Spam Malware Threat Guideline
TroyHunt.webp 2021-07-23 19:16:06 Google is finally doing something about Google Drive spam (direct link) You can now block people in Drive. It's still woefully inadequate, but it's something. Spam
Chercheur.webp 2021-07-20 21:30:00 Spam Kingpin Peter Levashov Gets Time Served (direct link) A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine. Spam Malware
SecurityWeek.webp 2021-07-20 21:01:10 Russian Hacker Levashov Sentenced to Time Already Served (direct link) A Russian hacker known internationally as the “bot master” was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicious software. Spam ★★
ESET.webp 2021-07-20 12:00:39 Some URL shortener services distribute Android malware, including banking or SMS trojans (direct link) On iOS we have seen link shortener services pushing spam calendar files to victims' devices. Spam
Fortinet.webp 2021-07-19 00:00:00 Signed, Sealed, and Delivered – Signed XLL File Delivers Buer Loader (direct link) The FortiGuard Labs team discovered a malicious spam campaign using a social engineering lure to trick targets into opening a malicious Excel document which then contacts a remote server that downloads a malicious payload. Learn more in our analysis of the attack and infrastructure used. Spam
SecureMac.webp 2021-07-15 12:50:00 Checklist 239: Two + Two = You (direct link) Are data brokers de-anonymizing your data? | Strategies for stopping spam callers | Why storing passwords in Notes is a very bad idea Spam
SecurityAffairs.webp 2021-07-10 05:09:35 Kaseya warns customers of ongoing malspam campaign posing as security updates (direct link) Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates. Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their […] Ransomware Spam Malware Threat
SecurityWeek.webp 2021-07-09 14:58:51 ZLoader Adopts New Macro-Related Delivery Technique in Recent Attacks (direct link) The ZLoader malware family has switched to a new delivery mechanism in recent spam campaigns, fetching malicious code only after the initial attachment has been opened, McAfee reports. Spam Malware
bleepingcomputer.webp 2021-07-07 08:50:19 Fake Kaseya VSA security update backdoors networks with Cobalt Strike (direct link) Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates. [...] Ransomware Spam Threat
Anomali.webp 2021-07-06 15:05:00 Anomali Cyber Watch: Thousands attacked as REvil ransomware hijacks Kaseya VSA, Leaked Babuk Locker Ransomware Builder Used In New Attacks and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Babuk, IndigoZebra, Ransomware, REvil, Skimmer, Zero-day and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Shutdown Kaseya VSA Servers Now Amidst Cascading REvil Attack Against MSPs, Clients (published: July 4, 2021) A severe ransomware attack reportedly took place against the popular remote monitoring and management (RMM) software tool Kaseya VSA. On July 2, 2021, Kaseya urged users to shut down their VSA servers to prevent them from being compromised. The company estimated that fewer than 40 of their customers worldwide were affected, but as some of them were managed service providers (MSPs), over 1,000 businesses were infected. The majority of known victims are in the US with some in Europe (Sweden) and New Zealand. The attackers exploited a zero-day vulnerability in Kaseya’s systems that the company was in the process of fixing. It was part of the administrative interface vulnerabilities in tools for system administration previously identified by Wietse Boonstra, a DIVD researcher. The REvil payload was delivered via Kaseya software using a custom dropper that dropped two files. A dropper opens an old but legitimate copy of Windows Defender (MsMpEng.exe) that then side loads and executes the custom malicious loader's export.
The attack coincided with the start of the US Independence Day weekend, and has several politically-charged strings, such as “BlackLivesMatter” Windows registry key and “DTrump4ever” as a password. Analyst Comment: Kaseya VSA clients should safely follow the company’s recommendations as it advised shutting Kaseya VSA servers down, and is making new security updates available. Every organization should have a ransomware disaster recovery plan even if it is serviced by a managed service provider (MSP). MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] DLL Side-Loading - T1073 Tags: REvil, Sodinokibi, Gandcrab, Leafroller, Kaseya VSA, ransomware, Ransomware-as-a-Service, zero-day, CVE-2021-30116, supply-chain, North America, USA, Sweden, New Zealand, MSP, RMM, schools IndigoZebra APT Continues To Attack Central Asia With Evolving Tools (published: July 1, 2021) Researchers from Check Point have identified the Afghan Government as the latest victim in a cyber espionage campaign by the suspected Chinese group ‘IndigoZebra’. This attack began in April when Afghan National Security Council (NSC) officials began to receive lure emails claiming to be from the President’s secretariat. These emails included a decoy file that would install the backdoor ‘BoxCaon’ on the system before reaching out to the Dropbox API to act as a C&C server. The attacker would then be able to fingerprint the machine and begin accessing files. I Ransomware Spam Malware Tool Vulnerability Threat Guideline APT 19 APT 10
2021-07-01 10:56:01 (Déjà vu) Threat Source newsletter (July 1, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Even though spam emails asking for gift cards may seem like the oldest trick in the book, they're still effective in 2021. The FBI estimates that business email compromise cost victims around $1.8 billion in 2020,... Spam
The_Hackers_News.webp 2021-06-30 05:56:11 [Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web (direct link) Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting systems. Today, there are hundreds of groups devoted to infiltrating almost every industry, Ransomware Spam
Anomali.webp 2021-06-29 16:29:00 Anomali Cyber Watch: Microsoft Signs Malicious Netfilter Rootkit, Ransomware Attackers Using VMs, Fertility Clinic Hit With Data Breach and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, NetFilter, Ransomware, QBot, Wizard Spider, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Microsoft Signed a Malicious Netfilter Rootkit (published: June 25, 2021) Security researchers recently discovered a malicious netfilter driver that is signed by a valid Microsoft signing certificate. The files were initially thought to be a false positive due to the valid signing, but further inspection revealed that the malicious driver called out to a Chinese IP. Further research has analyzed the malware, dropper, and Command and Control (C2) commands. Microsoft is still investigating this incident, but has clarified that they did approve the signing of the driver. Analyst Comment: Malware signed by a trusted source is a threat vector that can be easily missed, as organizations may be tempted to not inspect files from a trusted source. It is important for organizations to have network monitoring as part of their defenses. Additionally, the signing certificate used was quite old, so review and/or expiration of old certificates could prevent this malware from running. MITRE ATT&CK: [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] Install Root Certificate - T1130 Tags: Netfilter, China Dell BIOSConnect Flaws Affect 30 Million Devices (published: June 24, 2021) Four vulnerabilities have been identified in the BIOSConnect tool distributed by Dell as part of SupportAssist.
The core vulnerability is due to insecure/faulty handling of TLS, specifically accepting any valid wildcard certificate. The flaws in this software affect over 30 million Dell devices across 128 models, and could be used for Remote Code Execution (RCE). Dell has released patches for these vulnerabilities and currently there are no known actors scanning or exploiting these flaws. Analyst Comment: Any business or customer using Dell hardware should patch this vulnerability to prevent malicious actors from being able to exploit it. The good news is that Dell has addressed the issue. Patch management and asset inventories are critical portions of a good defense in depth security program. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Peripheral Device Discovery - T1120 Tags: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574, Dell, BIOSConnect Malicious Spam Campaigns Delivering Banking Trojans (published: June 24, 2021) Analysis from two mid-March 2021 spam campaigns revealed that th Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching APT 30
TechRepublic.webp 2021-06-29 13:00:08 Americans lost $29.8 billion to phone scams in the past year, study finds (direct link) The number of spam calls, the number of people losing money to them and the total amount of money lost in the past year are all record setting. Spam
CVE.webp 2021-06-28 14:15:11 CVE-2021-28585 (direct link) Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails. Spam Vulnerability
Kaspersky.webp 2021-06-25 01:05:45 Spam Downpour Drips New IcedID Banking Trojan Variant (direct link) The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day. Spam
2021-06-24 11:00:00 Threat Source newsletter (June 24, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Even though spam emails asking for gift cards may seem like the oldest trick in the book, they're still effective in 2021. The FBI estimates that business email compromise cost victims around $1.8 billion in 2020,... Spam
SecureList.webp 2021-06-24 10:00:56 Malicious spam campaigns delivering banking Trojans (direct link) In mid-March 2021, we observed two new spam campaigns delivering banking Trojans. The payload in most cases was IcedID, but we have also seen a few QBot (aka QakBot) samples. Spam
bleepingcomputer.webp 2021-06-19 09:45:00 Tinder spam campaign hides "handwritten" links in profile images (direct link) A new trend has emerged on dating apps like Tinder with spammers sneaking in handwritten NSFW links within profile images. Multiple such Tinder spam profiles reviewed by BleepingComputer shared some common characteristics. [...] Spam
AlienVault.webp 2021-06-08 10:00:00 Magic in Cybersecurity: Magic links to replace the password (direct link) This blog was written by an independent guest blogger. These days, magic links are in the air. They are becoming an intriguing means to strengthen digital security without inconveniencing users. This article discusses magic links, their magical function, and their potential benefits for a corporation. Magic links Magic links are authorized URLs that carry a token which grants accessibility to a particular user. They enable users to register or log in to a website, as well as make online transactions. When the user clicks on the URL, they get verified instantly. Magic links usually have a short life and are one-of-a-kind. Magic links form a digital authentication technique that can use both a passwordless and a multi-factor authentication system. Why use magic links In a digital world, magic links are useful in passwordless and multi-factor authentication. Passwordless authentication refers to a security system that doesn't use passwords. Users authenticate using a magic link, eliminating the need for passwords. They only require inputting an email address or contact number to get the URL to click. Multi-factor authentication (MFA) is a method of user authentication in various stages. Two or more authentication methods increase the steps the user must take. However, magic links provide the minimum complexity since users only need to click the URL to complete the procedure. How magic links work Magic links consist of three steps: On a sign-in page, the user inputs their email address. If the user has a registered email address, they will receive an email containing a magic link. To finish the sign-in cycle, the user selects and clicks the magic link. Conversely, at the time of registration, the user can also get a live link for authentication later on.
This technique is comparable to a password reset process, in which a user receives a hidden link that enables them to update their password. Magic links function in the same way as password resets do, whereas the user doesn't need to type a password to navigate to their profile. Magic link security concerns One of several security issues users may face comes from the email provider. When email providers label magic link emails as spam, a significant email redirects to infrequently used spam folders. Users can require a link over a link without knowing they route to spam. The trick is to choose a reliable email provider with an IP address that traditional spam detection identifies as effective. Organizations can improve security of their magic links implementation. If an application delivers a magic link and the client seeks another, does the first link lapse? Users can become irritated if they have to click on several links to find the recent one. Magic links that expire leave the login process with minimal loopholes but give the user fewer options to sign in. Organizations need to consider this balance. Likewise, certain websites prevent users from utilizing magic links beyond the browser session in which the magic link was provided. When you close your window an Spam ★★★★
bleepingcomputer.webp 2021-06-05 10:45:05 Massive spam campaign promotes online casinos with misleading emails (direct link) Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails. [...] Spam Guideline
Fortinet.webp 2021-06-04 00:00:00 Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant (direct link) FortiGuard Labs recently captured a new phishing campaign in which a MS Excel document attached to a spam email downloaded and executed several pieces of VBscript code. Used to hijack bitcoin address info, this malware delivers a new variant of Agent Tesla onto the victim's device. Learn more. Spam Malware
bleepingcomputer.webp 2021-05-30 14:55:43 Watch out: These unsubscribe emails only lead to further spam (direct link) Scammers use fake 'unsubscribe' spam emails to confirm valid email accounts to be used in future phishing and spam campaigns. [...] Spam
SANS.webp 2021-05-29 17:18:41 Spear-phishing Email Targeting Outlook Mail Clients, (Sat, May 29th) (direct link) In February I posted about spam pretending to be an Outlook Version update [1] and now for the past several weeks I have been receiving spear-phishing emails that pretend to be coming from Microsoft Outlook to "Sign in to verify" my account, new terms of services, new version, etc. There also have been some reports this week about large ongoing spear-phishing campaign [2][3] worth reading. Here are some samples which always include a sense of urgency to login as soon as possible: Spam
grahamcluley.webp 2021-05-27 13:12:16 Cryptocurrency scam attack on Twitter reminds users to check their app connections (direct link) Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it's possible that you've overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers. Read more in my article on the Tripwire State of Security blog. Spam
Kaspersky.webp 2021-05-24 20:53:10 American Express Fined for Sending Millions of Spam Messages (direct link) British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers. Spam
InfoSecurityMag.webp 2021-05-24 10:00:00 Amex Fined After Sending Over Four Million Spam Emails (direct link) ICO claims customers did not consent to receiving marketing messages Spam
bleepingcomputer.webp 2021-05-23 10:00:00 Amex fined £90,000 for sending 4 million spam emails in a year (direct link) The UK data regulator has fined American Express (Amex) £90,000 for sending over 4 million spam emails to customers within one year. [...] Spam
Chercheur.webp 2021-05-20 14:13:26 Bizarro Banking Trojan (direct link) Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,” the researchers write. The backdoor has numerous commands built in to allow manipulation of a targeted individual, including keystroke loggers that allow for harvesting of personal login information. In some instances, the malware can allow criminals to commandeer a victim's crypto wallet, too... Spam Malware
bleepingcomputer.webp 2021-05-20 12:02:40 Spammers flood PyPI with pirated movie links and bogus packages (direct link) The official Python software package repository, PyPI, is getting flooded with spam packages, as seen by BleepingComputer. These packages are named after different movies in a style that is commonly associated with torrents and "warez" sites hosting pirated content. [...] Spam
CVE.webp 2021-05-17 17:15:08 CVE-2021-24295 (direct link) It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. Spam Vulnerability
grahamcluley.webp 2021-05-13 13:54:57 Muddy waters. Ofwat reveals it has received 20,000 spam and phishing emails so far this year (direct link) The Water Services Regulation Authority (better known as Ofwat) which is the UK Government's department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this year - with 5,149 classified as phishing attacks. At first glance that sounds pretty bad for such a short period of time, especially when you consider that Ofwat only employs 266 people. But is it? Read more in my article on the Tripwire State of Security blog. Spam
bleepingcomputer.webp 2021-05-07 05:00:00 Cuba Ransomware partners with Hancitor for spam-fueled attacks (direct link) The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. [...] Ransomware Spam Malware
CVE.webp 2021-05-06 13:15:11 CVE-2021-24245 (direct link) The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and led to a reflected Cross-Site Scripting issue. Spam Guideline
The_Hackers_News.webp 2021-05-05 06:51:24 New Study Warns of Security Threats Linked to Recycled Phone Numbers (direct link) A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners Spam
SecureList.webp 2021-05-03 10:00:36 Spam and phishing in Q1 2021 (direct link) In terms of spam and phishing, in Q1 2021, we largely saw a continuation of the 2020 trends: exploitation of COVID-19 theme, hunting corporate account credentials and spoofing of online store websites. Spam
The_Hackers_News.webp 2021-04-26 02:50:01 Emotet Malware Destroys Itself From All Infected Computers (direct link) Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware Ransomware Spam Malware
CVE.webp 2021-04-21 12:15:08 CVE-2021-20501 (direct link) IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. Spam Vulnerability
no_ico.webp 2021-04-16 14:58:31 Expert Reaction on Research that Coronavirus Triggering Surge in Cyber Fraud (direct link) The rise in cyber fraud cannot be disputed, with spam messages multiplying 220 times between February and March 2020 and malicious URLs increasing by 260%. Spam
Kaspersky.webp 2021-04-12 18:12:04 IcedID Circulates Via Web Forms, Google URLs (direct link) Attackers are filling out and submitting web-based "contact us" forms, thus evading email spam filters. Spam
2021-04-08 11:00:00 Threat Source Newsletter (April 8, 2021) (direct link) Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We've all heard about spam coming through your email or those robocalls we all hate. But during the COVID-19 pandemic, attackers are now turning to chat rooms and gaming servers to spread spam. Talos researchers this... Spam
SANS.webp 2021-03-31 08:34:54 Quick Analysis of a Modular InfoStealer, (Wed, Mar 31st) (direct link) This morning, an interesting phishing email landed in my spam trap. The mail was redacted in Spanish and, as usual, asked the recipient to urgently process the attached document. The filename was "AVISO.001" (This extension is used by multi-volume archives). The archive contained a PE file with a very long name: AVISO11504122921827776385010767000154304736120425314155656824545860211706529881523930427.exe (SHA256:ff834f404b977a475ef56f1fa81cf91f0ac7e07b8d44e0c224861a3287f47c8c). The file is unknown on VT at this time so I did a quick analysis. Spam
AlienVault.webp 2021-03-23 10:00:00 Cybersecurity and accessibility for Ecommerce platforms: Is it possible? (direct link) This blog was written by an independent guest blogger. Ecommerce store losses to online payment fraud are expected to reach $25 billion by 2024, a new Juniper report reveals — up from just $17 billion in 2020. Undoubtedly, cybersecurity should be a top priority for ecommerce owners. At the same time, accessibility is another pressing concern, with the need for websites to comply with the World Wide Web Consortium's Web Content Accessibility Guidelines (WCAG 2.0 AA). However, captchas — essential for making online shopping more secure — lack accessibility, while user-friendly input assistance potentially poses a security risk. Fortunately, it’s possible to make your ecommerce site accessible to customers with disabilities without compromising the strong security standards needed in this digital age. Importance of accessibility Ultimately, WCAG 2.0 AA compliance means that customers with either hearing or sight impairments, learning disabilities, or physical limitations will be able to visit your store. Your website will be compatible with the special software and assistive technologies these visitors may use to access and navigate it. Moreover, by making your ecommerce store accessible, you’ll inevitably reach a wider audience and increase conversions. The secure and streamlined checkout process — an important part of website accessibility — will give customers a faster and more appealing shopping experience. Again, this further boosts conversions, and customers will be more likely to want to repeat such a smooth and stress-free purchase. Best practices for site optimization and accessibility also go hand in hand. For example, images with descriptive text, site maps, breadcrumb links, alt text, and readability will all boost your site’s organic SEO equity.
Ecommerce SEO will give you a competitive edge and place your site higher up in the search results. Alternatives to captcha Although captchas are important for strengthening website security, they’re typically inaccessible to people with disabilities who’re unable to clearly see and hear words, letters and numbers. Fortunately, alternative options can bolster security while maintaining accessibility. For example, if you use the captcha to verify that it’s a human visiting your site (and not a robot), try text and/or audio versions that clearly communicate the details of the captcha. So, this could mean including text that reads “type the word in the image” and an audio clip that announces “type the letters spoken in the audio.” Additionally, you can use other accessible alternatives, including human test questions, server-side spam filters, honeypot traps, and heuristic filters. Incorporating a combination of effective and reliable security options will ensure your ecommerce site remains accessible to people with disabilities without increasing the risk of security breaches. The issue of input assistance Input assistance is an essential feature that can help make your ecommerce site more accessible; it essentially works to help correct a customers' Spam
no_ico.webp 2021-03-17 15:09:39 Experts Perspective On HP Bromium Q4 Rept: Detection Not Stopping Newer Threats (lien direct) HP Bromium has just published its extensive THREAT INSIGHTS REPORT Q4-2020, which documents that Q4 2020 saw a 239 percent increase in malicious spam distributing Dridex malware, a substantial rise… Spam Threat
TroyHunt.webp 2021-03-15 21:17:43 “Please someone help me.” FaceTime users bombarded with group call spam (lien direct) Apple doesn't provide tools that effectively ease a major headache for FaceTime users. Spam
Kaspersky.webp 2021-03-11 18:58:10 NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic (lien direct) A spam campaign hides a malicious executable behind file archive extensions. Spam
SANS.webp 2021-03-05 06:16:23 Spam Farm Spotted in the Wild, (Fri, Mar 5th) (lien direct) If there is a place where you can always find juicy information, it's your spam folder! Yes, I like spam and I don't delete my spam before having a look at it for hunting purposes. Besides emails flagged as spam, NDR or "Non-Delivery Receipt" messages also deserve some attention. One of our readers (thanks to him!) reported yesterday how he found a "spam farm" based on bounced emails. By default, SMTP is a completely open protocol. Everybody can send an email pretending to be Elon Musk or Joe Biden! That's why security controls like SPF[1] or DKIM[2] can be implemented to prevent spoofed emails from being sent from anywhere. If these controls are not implemented, you may be the victim of spam campaigns that abuse your domain name or identity. The "good" point (if we can say this) is that all NDR messages will bounce to the official mail server that you manage. That's what happened with our reader: he saw many bounced messages for unknown email addresses. Here is an example: Spam
HR.webp 2021-02-16 01:40:28 Fight against stalking thanks to OSINT (lien direct) Tags: OSINT, violence, stalking. The following lines are the result of collaborative work, under the leadership of Justin Seitz. There are many of us working together, including Heartbroken and Nanardon.
OSINT is an acronym for Open Source Intelligence. It's a set of investigative techniques, allowing information to be retrieved from so-called open sources. Used by journalists, by police or in cybersecurity, OSINT can help to find information but it can also be used to protect yourself from malicious people. Violence against people, especially against women, has increased and diversified. Harassment, raids, doxxing, revenge porn by video or by pictures, identity theft or school harassment, etc. How to react? How to prevent them? Our goal is to give you simple resources, without the need for special knowledge. It doesn't substitute for support groups, law enforcement, health professionals or lawyers. We trust you. You are not responsible. Facts and situations we will use to illustrate our kits are criminally and civilly repressed. You are not alone.
The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available in this article are for general informational purposes only. Furthermore this article was written mainly in regards to French and European laws. Readers should consult their local laws and contact an attorney to obtain advice with respect to any particular legal matter.
When we talk about stalking, we mean watching or spying on someone remotely, using digital tools. We can distinguish two hypotheses: The case where the victim and the stalker know each other personally and intimately; The case where the victim does not personally know the person watching him/her online. It should be noted that this surveillance can go beyond the digital tools and also result in actions in real life.   Identify all the elements   The common point for both cases is the same as in the previous articles: before deleting anything, collect and archive all items. If you find spyware in your devices, make at least screenshots of the applications found, with all the technical details.   The known stalker   This is usually a person with whom the victim has had a very close relationship: former spouse or current spouse. We use the masculine by default, but victims can be of either sex, just as stalkers can be either male or female. Finally, this sit
Spam Guideline
Last update at: 2024-05-10 06:07:53