TA505 Spear Phishing Campaign Uses LOLBins to Avoid Detection
The TA505 hacking group ran a spear phishing campaign targeting a financial institution during April with the help of a signed version of the ServHelper backdoor and a number of LOLBins designed to help the operation evade detection. [...]
https://www.bleepingcomputer.com/news/security/ta505-spear-phishing-campaign-uses-lolbins-to-avoid-detection/
BleepingComputer
EternalBlue Exploit Serves Beapy Cryptojacking Campaign
A cryptojacking campaign uses NSA's leaked DoublePulsar backdoor and the EternalBlue exploit to spread a file-based cryptocurrency malware on enterprise networks in China. [...]
https://www.bleepingcomputer.com/news/security/eternalblue-exploit-serves-beapy-cryptojacking-campaign/
Over 500% Increase in Ransomware Attacks Against Businesses
Cybercriminals have started focusing their efforts on businesses during Q1 2019, with consumer threat detections decreasing by roughly 24% year over year while businesses have seen a 235% increase in the number of cyber attacks against their computing systems. [...]
https://www.bleepingcomputer.com/news/security/over-500-percent-increase-in-ransomware-attacks-against-businesses/
Emotet Uses Compromised Devices as Proxy Command Servers
A new Emotet Trojan variant has been observed in the wild with the added capabilities of using compromised connected devices as proxy command-and-control servers and of employing random URI directory paths to evade network-based detection rules. [...]
https://www.bleepingcomputer.com/news/security/emotet-uses-compromised-devices-as-proxy-command-servers/
Devious Chase Bank Phishing Scam Asks For Selfies
A new phishing scam targeting Chase bank customers has been discovered that not only asks you for your personal information, but also requests that you upload a selfie of yourself holding your ID or driver license. [...]
https://www.bleepingcomputer.com/news/security/devious-chase-bank-phishing-scam-asks-for-selfies/
The Anatomy of Highly Profitable Credential Stuffing Attacks
Even though credential stuffing has been a popular method used by hacking groups to attack businesses since at least late 2014, there is still a lot to be uncovered about the techniques malicious actors use to run these attacks. [...]
https://www.bleepingcomputer.com/news/security/the-anatomy-of-highly-profitable-credential-stuffing-attacks/
Atlanta Hawks Online Shop Hit with Credit Card Stealing Attack
The online shop for the Atlanta Hawks professional NBA basketball team had malicious code injected into it that allowed attackers to steal customers' credit card information. [...]
https://www.bleepingcomputer.com/news/security/atlanta-hawks-online-shop-hit-with-credit-card-stealing-attack/
Hundreds of GoDaddy Accounts Used for "Miracle" Product Scams
Scammers pushing snake oil products compromised hundreds of GoDaddy accounts and used 15,000 subdomains to redirect to spam pages, some of which tried to impersonate popular websites. [...]
https://www.bleepingcomputer.com/news/security/hundreds-of-godaddy-accounts-used-for-miracle-product-scams/
Microsoft Rolls Out Android Notification Syncing for Windows 10
Phone to PC notifications syncing with per-application configuration capabilities is currently being rolled out to Windows Insiders as announced by Microsoft's Director of Program Management Microsoft Mobile eXperiences Vishnu Nath. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-android-notification-syncing-for-windows-10/
Vulnerable Confluence Servers Get Infected with Ransomware, Trojans
A critical Atlassian Confluence Server vulnerability is being remotely exploited by attackers to compromise both Linux and Windows servers, allowing them to drop GandCrab ransomware and the Dofloo (aka AES.DDoS, Mr. Black) Trojan. [...]
https://www.bleepingcomputer.com/news/security/vulnerable-confluence-servers-get-infected-with-ransomware-trojans/
A Closer Look at the RobbinHood Ransomware
The RobbinHood Ransomware is the latest player in the ransomware scene that is targeting companies and the computers on their network. This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers. [...]
https://www.bleepingcomputer.com/news/security/a-closer-look-at-the-robbinhood-ransomware/
Windows 10 Insider Build 18885 Fixes USB Drive Letter Reassignments
Microsoft has released Windows 10 Insider Preview Build 18885 for Insiders in the Fast ring. This build introduces new features for the Your Phone app, adds better dictation support, and includes a fix for USB drive and SD card drive letter reassignments after an upgrade. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-build-18885-fixes-usb-drive-letter-reassignments/
Windows 10 and Windows 7 Cumulative Updates Released With Fixes
A new set of cumulative updates is rolling out to devices with Windows 10 April 2018 Update, Windows 7 SP1 and Windows Server 2008 R2 SP1. The cumulative updates include general bug fixes and improvements designed to enhance the experience. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-and-windows-7-cumulative-updates-released-with-fixes/
Custom Start Menus in Roaming Profiles Reset After Windows 10 Upgrades
If you are using a Roaming User Profile and customize your Windows 10 Start Menu, any changes will be reset after upgrading to a newer version of Windows 10. [...]
https://www.bleepingcomputer.com/news/microsoft/custom-start-menus-in-roaming-profiles-reset-after-windows-10-upgrades/
Old Vulnerabilities Are Still Good Tricks for Today's Attacks
The value of a security vulnerability drops significantly the moment it gets patched but the bad guys will keep exploiting it for as long as they can find victims that are worth the effort. [...]
https://www.bleepingcomputer.com/news/security/old-vulnerabilities-are-still-good-tricks-for-todays-attacks/
GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores
Malicious actors compromised the Magento installations of a few hundred e-commerce websites and injected them with Magecart skimmer scripts hosted on GitHub. [...]
https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-skimmer-found-on-hundreds-of-stores/
The Week in Ransomware - April 26th 2019 - Targeting the Enterprise
This week the biggest news is that MalwareHunterTeam was able to get a sample of the RobbinHood ransomware that targets the enterprise so that it could be analyzed. The other big news is that attackers are hacking into Confluence servers using a recently released vulnerability to install the GandCrab ransomware, miners, and Trojans. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-26th-2019-targeting-the-enterprise/
Hacked Docker Hub Database Exposed Sensitive Data of 190K Users
An unauthorized person gained access to a Docker Hub database that exposed the user names and hashed passwords for approximately 190,000 users. In addition, a small percentage of users have had their GitHub and Bitbucket tokens for Docker autobuilds leaked as well. [...]
https://www.bleepingcomputer.com/news/security/hacked-docker-hub-database-exposed-sensitive-data-of-190k-users/
Fake Windows PC Cleaner Drops AZORult Info-Stealing Trojan
Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information stealing Trojan. [...]
https://www.bleepingcomputer.com/news/security/fake-windows-pc-cleaner-drops-azorult-info-stealing-trojan/
Europeans Hit with Multi-Stage Malware Loader via Signed Malspam
Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months. [...]
https://www.bleepingcomputer.com/news/security/europeans-hit-with-multi-stage-malware-loader-via-signed-malspam/
Microsoft Asks Users to Call Windows 10 Devs About Taskbar Experience
Microsoft has started to display notifications in the action center asking Insiders to schedule a call with Windows 10 developers in order to provide feedback regarding the Taskbar experience. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-users-to-call-windows-10-devs-about-taskbar-experience/