Segurança-Informática
Website of the high-profile Netwalker ransomware seized by authorities on the dark web

Website of the high-profile Netwalker ransomware seized by authorities on the dark web. The dark web websites associated with the Netwalker ransomware were seized by law enforcement agents from the US and Bulgaria. Netwalker is a Ransomware-as-a-Service (RaaS) operation that began operating in late 2019, in which affiliates are recruited to distribute the ransomware and infect…

https://seguranca-informatica.pt/website-do-mediatico-ransomware-netwalker-foi-apreendido-pelas-autoridades-na-darkweb/
Globally coordinated operation takes down the Emotet botnet

Globally coordinated operation takes down the Emotet botnet. 27 January 2021 was a historic day for malware takedowns. On the one hand, the dark web website of the Netwalker ransomware-as-a-service (RaaS) operation was seized by the authorities, which led to a global shutdown of this high-profile ransomware.…

https://seguranca-informatica.pt/operacao-organizada-a-nivel-global-derruba-botnet-do-emotet/
New cryptojacking malware called Pro-Ocean is now attacking Apache, Oracle and Redis servers

New cryptojacking malware called Pro-Ocean is now attacking Apache, Oracle and Redis servers. Security researchers from Palo Alto Networks' Unit 42 team published an article describing a recent malware strain targeting Apache, Oracle, and Redis servers in the wild. The researchers believe the malware operators are related to the China-based cybercrime group Rocke, a malicious…

https://seguranca-informatica.pt/new-cryptojacking-malware-called-pro-ocean-is-now-attacking-apache-oracle-and-redis-servers/
MBWAY and Crédito Agrícola phishing campaigns under way in Portugal

MBWAY and Crédito Agrícola phishing campaigns under way in Portugal. Over the last two days, two campaigns impersonating banking in Portugal were identified. The phishing campaigns spread by the criminals use the name of the MBWAY service and of the bank Crédito Agrícola with the aim of exfiltrating sensitive information and access credentials…

https://seguranca-informatica.pt/campanhas-de-phishing-mbway-e-credito-agricola-em-curso-em-portugal/
Learn about the latest banking phishing templates in Portugal and don't be fooled

Learn about the latest banking phishing templates in Portugal and don't be fooled. Over the last year, several phishing campaigns in the name of entities present in the Portuguese cyber territory were disseminated. To aggregate all the phishing and malware campaigns that have occurred and are occurring in Portugal, a repository/feed was made available…

https://seguranca-informatica.pt/conheca-os-mais-recentes-templates-de-phishing-bancario-em-portugal-e-nao-se-deixe-enganar/
Lampion trojan disseminated in Portugal using COVID-19 template

The latest release of the Latin American Lampion trojan has been updated with a new C2 address. Lampion trojan disseminated in Portugal using a COVID-19 template. In the last few days, a new release of the Latin American Lampion trojan was distributed in Portugal using a template related to COVID-19. This trojan has been distributed in Portugal…

https://seguranca-informatica.pt/lampion-trojan-disseminated-in-portugal-using-covid-19-template/
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. In the last few years, banking trojans developed by Latin American criminals have increased in volume and sophistication. Although there is strong adoption of technologies aimed at protecting the end user, such as plugins, tokens, e-tokens, two-factor authentication mechanisms, CHIP, PIN…

https://seguranca-informatica.pt/latin-american-javali-trojan-weaponizing-avira-antivirus-legitimate-injector-to-implant-malware/
A new malware dropper identified in 9 Android apps on the Play Store

New malware dropper identified in 9 Android apps on the Play Store. A new investigation by the Check Point Research team found a malware dropper that has been spreading through 9 malicious apps available on the official Google Play Store. In order to evade Google Play Store detection mechanisms, the author of the threat used a group…

https://seguranca-informatica.pt/a-new-malware-dropper-identified-in-9-android-apps-on-playstore/
Exchange chain CVE-2021-26855 and CVE-2021-27065 walkthrough

Exchange chain CVE-2021-26855 and CVE-2021-27065 walkthrough. In recent days, Exchange has been exposed to several critical exploits used in the wild. CVE-2021-26855 and CVE-2021-27065 are the two flaws involved in this critical scenario. CVE-2021-26855 is an SSRF vulnerability: the problem occurs when proxying client requests to the backend server. This vulnerability can obtain the user's SID,…

https://seguranca-informatica.pt/exchange-chain-cve-2021-26855-and-cve-2021-27065-walkthrough/
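A practitioner reading the walkthrough above will want the triage check that goes with it. The following is an added example, not code from the article: it applies the indicator Microsoft published for CVE-2021-26855 (an HttpProxy log row whose AnchorMailbox matches `ServerInfo~*/*`, i.e. the proxy was steered at an arbitrary backend path) to a log excerpt. The log layout is a constructed, simplified version of an Exchange HttpProxy log (only a handful of the real columns are kept) and the rows, IPs and hostnames are made up for illustration.

```python
"""Flag Exchange HttpProxy log rows matching the published CVE-2021-26855 SSRF indicator."""
import csv

# Constructed, simplified HttpProxy log excerpt (not a real capture). Real logs carry
# dozens more columns; only those the check needs are kept. The second row is the
# only one shaped like the published indicator (AnchorMailbox = ServerInfo~*/*).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
#Fields: DateTime,ClientIpAddress,UrlStem,AnchorMailbox,HttpStatus,TargetServer
2021-03-03T10:15:01.000Z,203.0.113.9,/owa/auth/logon.aspx,Sid~S-1-5-21-1-2-3-1104,200,mail01.example.net
2021-03-03T10:15:02.000Z,198.51.100.7,/owa/auth/x.js,ServerInfo~a]@mail01.example.net:444/autodiscover/autodiscover.xml?#,200,mail01.example.net
2021-03-03T10:15:03.000Z,203.0.113.9,/ecp/default.flt,Smtp~user@example.net,200,mail01.example.net
"""


def parse_httpproxy_log(text):
    """Yield one dict per data row.

    The header is taken from a '#Fields:' comment line if present, otherwise from
    the first non-comment line (plain CSV header); other '#' lines are skipped.
    """
    header = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                header = [c.strip() for c in line[len("#Fields:"):].split(",")]
            continue
        values = next(csv.reader([line]))
        if header is None:           # no '#Fields:' line: first plain line is the header
            header = values
            continue
        yield dict(zip(header, values))


def is_ssrf_indicator(anchor_mailbox):
    """Equivalent of Microsoft's PowerShell filter: AnchorMailbox -like 'ServerInfo~*/*'."""
    prefix = "ServerInfo~"
    return anchor_mailbox.startswith(prefix) and "/" in anchor_mailbox[len(prefix):]


def find_ssrf_hits(text):
    """Return the rows whose AnchorMailbox matches the SSRF indicator."""
    return [row for row in parse_httpproxy_log(text)
            if is_ssrf_indicator(row.get("AnchorMailbox", ""))]


if __name__ == "__main__":
    for row in find_ssrf_hits(SAMPLE_LOG):
        print(row["DateTime"], row["ClientIpAddress"], row["UrlStem"], row["AnchorMailbox"])
```

On a real server, feed it every `*.log` under the Exchange `Logging\HttpProxy` directory; a hit means the proxy layer was asked to route to a backend path chosen by the client, which is the SSRF the walkthrough describes, and the `ClientIpAddress` and `DateTime` columns are the pivot into the rest of the investigation.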
PHP git server hacked with backdoor implanted

PHP git server hacked with backdoor implanted. Supply chain attacks have been on the rise in recent months. This time, criminals implanted a backdoor on the official PHP git server by pushing unauthorized updates that add a secret backdoor to its source code. In detail, the malicious commits were added to the self-hosted "php-src" repository hosted on the…

https://seguranca-informatica.pt/php-git-server-hacked-with-backdoor-implanted/
cl0p ransomware group compromised and leaked data from 6 US universities – including students’ details

cl0p ransomware group compromised and leaked data from 6 US universities, including students' details. The Cl0p ransomware group claimed to have gained access to financial documents and passport information of students and staff from six top universities in the USA. The group leaked proof of the stolen data online on 29 March. The…

https://seguranca-informatica.pt/cl0p-ransomware-group-compromised-and-leaked-data-from-6-us-universities-including-students-details/
Facebook users’ leak – just another thread … the same data observed in 2019

Facebook users' leak: just another thread… the same data observed in 2019. Another leak of approximately 533 million Facebook users' records was published online; the data had been harvested by criminals in 2019 using a disclosed vulnerability. But can we consider this leak something new? No! All 533,000,000 Facebook records were just leaked for free. This means…

https://seguranca-informatica.pt/facebook-users-leak-just-another-thread-the-same-data-observed-in-2019/
RCE will not be fixed on Cisco EOL Business routers

RCE will not be fixed on Cisco EOL Business routers. In recent days, Cisco said that there is no plan to fix a critical remote code execution (RCE) vulnerability affecting some small business routers, instead urging users to replace the devices. The flaw, tracked as CVE-2021-1459, has a CVSS score of 9.8 out of 10, and…

https://seguranca-informatica.pt/rce-will-not-be-fixed-on-cisco-eol-business-routers/
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge fully pwned

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome, and Edge fully pwned. The North American Pwn2Own event has taken place alongside the annual CanSecWest security conference in Vancouver, Canada, but this year the official host city was Austin, Texas. Due to the pandemic, the hacking teams were distributed all over the world, rather than all…

https://seguranca-informatica.pt/pwn2own-2021-zoom-teams-exchange-chrome-and-edge-full-pwned/
Update the Chrome, Opera, Brave and Edge web browsers to avoid an attack via 0day

Update the Chrome, Opera, Brave and Edge web browsers to avoid an attack via 0day. On Tuesday, Google released a new version of Chrome for Windows, Mac and Linux with patches for two newly discovered security vulnerabilities classified as zero-day (0day). One of the two flaws concerns insufficient input validation…

https://seguranca-informatica.pt/atualize-os-navegadores-web-chrome-opera-brave-e-edge-para-evitar-um-ataque-via-0day/
Threat Report Portugal: Q1 2021

Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database able to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported by a healthy community of contributors. This makes it a…

https://seguranca-informatica.pt/threat-report-portugal-q1-2021/
A taste of the latest release of QakBot

A taste of the latest release of QakBot, one of the most popular and widely reported banking trojans active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot, is a banking trojan that has been making headlines since 2007. This piece of malware is focused on stealing banking credentials and victims' secrets…

https://seguranca-informatica.pt/a-taste-of-the-latest-release-of-qakbot/
Dancing in the IoT: CHIYU devices vulnerable to remote attacks

Dancing in the IoT: CHIYU devices vulnerable to remote attack and usable as an initial foothold to access internal networks. Vulnerabilities in Internet of Things (IoT) devices allow cybercriminals to access and take control of them remotely, in attacks that can be exploited to gain access to internal networks. In this…

https://seguranca-informatica.pt/dancing-in-the-iot-chiyu-devices-vulnerable-to-remote-attacks/
Banking phishing under way and taking advantage of Google open-redirect flaws to evade detection

Banking phishing under way in Portugal, taking advantage of flaws known as open redirects in the portals of legitimate Google systems to evade detection. If you think the modus operandi of banking phishing in Portugal has not been updated by the criminals, you are slightly mistaken. Since the end of Sunday, the…

https://seguranca-informatica.pt/phishing-bancario-em-andamento-e-tirando-partido-de-falhas-open-redirect-do-google-para-evitar-detecao/
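The trick described above works because a URL filter sees a trusted host (a Google domain) and lets the link through, while the redirect parameter carries the real phishing destination. The following is an added example, not code from the article: it extracts the redirect target from such links, follows chained redirects through trusted hosts, and flags a link only when the visible host is trusted but the final host is not. The trusted-host list, the set of parameter names and the `.example` sample links are assumptions constructed for illustration; it also goes one step past the teaser by handling double-encoded and scheme-relative (`//host/...`) targets, which open redirects commonly accept.

```python
"""Spot phishing links that hide behind an open redirect on a trusted domain."""
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# Hosts a mail or web filter would normally let through unchallenged (assumed list).
TRUSTED_HOSTS = {"google.com", "www.google.com", "accounts.google.com"}

# Query parameters that commonly carry a redirect target (assumed list).
REDIRECT_PARAMS = ("q", "url", "u", "continue", "redirect", "next")


def redirect_target(link: str) -> Optional[str]:
    """Return the URL a redirector-style link forwards to, or None.

    Accepts absolute http(s) targets and scheme-relative ones ("//host/..."),
    which open redirects frequently allow; plain search terms are ignored.
    """
    query = parse_qs(urlparse(link).query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            candidate = unquote(value)          # second decode handles double-encoded targets
            parsed = urlparse(candidate)
            if parsed.scheme in ("http", "https", "") and parsed.netloc:
                return candidate
    return None


def final_destination(link: str, trusted=TRUSTED_HOSTS, max_hops: int = 5) -> str:
    """Follow redirect parameters (no HTTP requests) while the host stays trusted."""
    current = link
    for _ in range(max_hops):
        host = (urlparse(current).hostname or "").lower()
        if host not in trusted:
            break
        nxt = redirect_target(current)
        if nxt is None:
            break
        current = nxt
    return current


def is_open_redirect_abuse(link: str, trusted=TRUSTED_HOSTS) -> bool:
    """True when the visible host is trusted but the link ends up somewhere that is not."""
    entry_host = (urlparse(link).hostname or "").lower()
    if entry_host not in trusted:
        return False                             # nothing is hiding behind a trusted name
    exit_host = (urlparse(final_destination(link, trusted)).hostname or "").lower()
    return exit_host not in trusted


def scan(links):
    """Return the subset of links that abuse an open redirect on a trusted host."""
    return [link for link in links if is_open_redirect_abuse(link)]


# Constructed sample links (.example domains are reserved for documentation).
SAMPLE_LINKS = [
    "https://www.google.com/url?q=https%3A%2F%2Fmbway-login.example%2Fauth",   # abuse
    "https://www.google.com/search?q=mbway",                                   # plain search
    "https://www.google.com/url?q=https://accounts.google.com/signin",         # stays trusted
    "https://www.google.com/url?q=//cagricola.example/login",                  # scheme-relative abuse
    "https://mbway-login.example/auth",                                        # no trusted host to hide behind
]

if __name__ == "__main__":
    for link in scan(SAMPLE_LINKS):
        print("flagged:", link, "->", final_destination(link))
```

This only inspects the redirect parameters, so a filter built on it should still follow real HTTP redirects for anything it does not flag; the point of the parameter check is that it catches the link before anyone clicks it and without contacting the attacker's host.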
When will cyber-attacks end?

When will cyber-attacks end? Here is the arithmetic of the incidents in Portugal submitted to 0xSI_f33d during 2020. We live in a digital era in which we are constantly bombarded by computer attacks of different kinds in our day-to-day lives. The number of attacks has grown both in volume and in sophistication, and cybercrime indicators…

https://seguranca-informatica.pt/para-quando-o-fim-dos-ciber-ataques/