Threat Report Wednesday September 11th 2019
Paul Scott on September 11, 2019
In this week’s threat report, we’re shining the spotlight on Hoplight and friends, phishing with LokiBot, meeting Purple Fox, juking Windows Defender, and discovering the weak, hardcoded passwords botnets love on the radio. Hoplight in the spotlight with Electricfish and Bad Call DHS, FBI, DoD, and CyberCommand have been busy dropping dimes on North Korean state-sponsored hackers, uploading several samples for malware, and RATs. Eleven samples were released by U.
Threat Report Wednesday September 4th 2019
Paul Scott on September 4, 2019
Have you been pwnd by the threats in this week’s report? This week includes active campaigns for landing AZORult malware, WordPress exploitation, a couple of breaches, and some state sponsored DDoS with the Great Canon. WordPress campaign creates rogue admins In this new WordPress campaign, the attackers are exploiting known vulnerabilities in WordPress plugins to create rogue admin accounts on WordPress sites across the internet. Known vulnerabilities in WordPress are exploited to inject malicious JavaScript into the front end of the victim’s sites, redirecting site visitors to potentially harmful content like malware dropper and fraud sites.
Threat Report Wednesday August 28th 2019
Paul Scott on August 28, 2019
Let’s see what’s poppin’ in this week’s threat report. We’re covering a hosting provider that lost personally identifiable information (PII) for 14M domain owners. Privilege escalation in Windows software that would allow malware to persist. And a popular trojan is now free on the dark Web. Hostinger’s DB, with PII for 14M people, popped The Web hosting provider, Hostinger, disclosed a security incident that impacted its platform and users. The incident was discovered on August 23, 2019.
Threat Report Thursday August 22nd 2019
Paul Scott on August 22, 2019
Let’s see what’s poppin’ in this week’s threat report. Or, getting popped as it were. We’ve got ransomware in Texas, implanted code at Webmin, the return of a banking trojan that’s gone the way of polymorphic malware, and the 2019 mid-year breach update. Giddy-up, partner! Texas Ransomware Massacre In a coordinated ransomware massacre, at least 20 local government entities across the Lone Star state have been hit, and hackers are asking for $2.
Threat Report Wednesday August 14th 2019
Paul Scott on August 14, 2019
This week we’re focusing heavily on Windows. We have some new vulnerabilities, device driver design flaws, and a malspam campaign leveraging Office documents. Let’s get this party started. Seven Microsoft Windows vulnerabilities According to a Microsoft advisory published yesterday, August 13, 2019, seven new vulnerabilities have been disclosed with patches released – three of which are rated as ‘important’ and four are rated as ‘critical.’ Exploits have been developed by researchers so we should expect to see exploits for these vulnerabilities running wild soon.
Threat Report Wednesday August 7th 2019
Paul Scott on August 7, 2019
We’ve got a lot of wild botnet and phishing activity in this week’s threat report. Let’s get this party started. Richard’s First Echobot First observed in May 2019, a new variant of Echobot Botnet is picking up steam targeting various Internet-of-Things (IoT) devices, including routers, cameras, smart home hubs, network-attached storage systems, servers, and more. We expect to see this IoT focused botnet evolve to add exploits for the Urgent/11 vulnerabilities we discussed in the Perch Monthly User’s Meeting.
Threat Report Wednesday July 31st 2019
Paul Scott on July 31, 2019
What’s cooking this week? WatchBog and Trickbot learn some new tricks while some big names suffer embarrassing breaches. Let’s start off with the biggest data breach from last week. Capital One breached by… open S3 buckets Paige Thompson, a former Systems Engineer for Amazon Web Services, also known as erratic, has been labeled responsible for the Capital One breach affecting about 100M people in the U.S. and 6M in Canada.
Release Notes
July 30, 2019
Threat Report Wednesday July 24th 2019
Paul Scott on July 24, 2019
Let’s get this party started. Russian FSB’s secret projects exposed, new Office 365 (O365) phishing campaign underway, universities at risk to phishing, and newly disclosed vulnerabilities, Brushaloader and Watchbog go wild. Oh, and a ProFTP vulnerability hits the streets. FSB contracted breached for 7.5TB A group of hackers named 0v1ru$ have breached Sytech, a contractor for FSB, Russia’s national intelligence service, on July 13, 2019. The group was able to hack into SyTech’s Active Directory server where they accessed the company’s entire network, including a JIRA instance.
Threat Report Thursday July 18th 2019
Paul Scott on July 18, 2019
Let’s get going with some of the top threats we’re highlighting this week. Notably, there have been a number of advisories released by different governments related to ongoing campaigns and new critical vulnerabilities. Watch out for DNS hijacking campaigns The UK’s National Cyber Security Centre (NCSC) has released an advisory highlighting a large scale global Domain Name Systems (DNS) hijacking campaign. DNS is the service responsible for translating domain names to IP addresses hosting services.