Threat Report Thursday October 17th 2019
Paul Scott on October 17, 2019
Did you miss us last week? We’ve been busy investigating some recent threats and have an update for you in this week’s threat report. Hackers get hacked for 26M cards, APT35 returns with a new campaign using non-standard link shorteners, Diamond Fox gets demo’d on YouTube, and Bishopfox releases Pwn Pulse POC. Hackers pilfer underground hack store for 26M stolen credit cards One of the largest underground stores for buying stolen credit card data, BriansClub, was hacked.
Perch Security named winner in Cyber Defense Global Awards 2019
Perchy on October 9, 2019
“We’re thrilled to name Perch Security a winner as Managed Detection and Response (MDR) and also Intrusion Detection System (IDS) in our Global Awards program. They won these awards because they pioneered threat detection – an innovative approach to defeating the next generation of cyber criminals,” said Gary S. Miliefsky, Publisher, Cyber Defense Magazine. Get the full story here. About Cyber Defense Global Awards This is Cyber Defense Magazine's seventh year of honoring InfoSec innovators from around the globe.
Can Perch detect Ransomware?
Wes Spencer on October 8, 2019
A new-ish customer asked us this week about the quality of their ransomware detection coverage (based on the intel feeds they were pulling in), and how Perch handles ransomware. It was a great question, so I thought I would recap it here and share it with all of you. Intel on ransomware: Perch has a large and ever-growing amount of detections for ransomware. Here are just a few examples if you’d like to take a look.
Threat Report Thursday October 3rd 2019
Paul Scott on October 3, 2019
Threat actors are focusing their attention on a number of different industries in this week’s threat report. U.S. Oil and Gas RATs, defense contractors with sensitive info hit by ransomware, and a bunch of well-known online publishers are targeted for malvertising. It’s a good week to join your industry’s ISAC/ISAO if you have one. In addition to the industry focused infections, we’ve got another critical EXIM vulnerability and new Windows malware, Nodersok, is teaching lessons about living-off-the-land.
Threat Report Thursday September 26th 2019
Paul Scott on September 26, 2019
In this week’s threat report, we’re covering some out-of-band critical patches released by Microsoft to prevent code execution, a malspam campaign targeting U.S. utilities, some new variants info stealing malware for Mac, and a 0-day in popular forum software. Microsoft releases emergency patches Microsoft released two out-of-band security updates for a remote code execution vulnerability tracked “CVE-2019-1367” and a denial-of-service vulnerability tracked “CVE-2019-1255”. CVE-2019-1367 allows attackers to execute arbitrary code in the context of the current user.
Release Notes
September 24, 2019
Threat Report Thursday September 19th 2019
Paul Scott on September 19, 2019
In this week’s threat report we’re covering a variety of topics. Summer is over and the fall malspam campaigns have arrived, multiple open databases have led to a loss of valuable data, and a wiry new malware dropper jumps into action. Let’s get this party started. Summer vacation is over for Emotet Emotet infected hosts began communicating with command and control infrastructure, which pushed updates to the bots, and started a new malspam campaign on 9/16/19 after taking summer off.
Threat Report Wednesday September 11th 2019
Paul Scott on September 11, 2019
In this week’s threat report, we’re shining the spotlight on Hoplight and friends, phishing with LokiBot, meeting Purple Fox, juking Windows Defender, and discovering the weak, hardcoded passwords botnets love on the radio. Hoplight in the spotlight with Electricfish and Bad Call DHS, FBI, DoD, and CyberCommand have been busy dropping dimes on North Korean state-sponsored hackers, uploading several samples for malware, and RATs. Eleven samples were released by U.
Threat Report Wednesday September 4th 2019
Paul Scott on September 4, 2019
Have you been pwnd by the threats in this week’s report? This week includes active campaigns for landing AZORult malware, WordPress exploitation, a couple of breaches, and some state sponsored DDoS with the Great Canon. WordPress campaign creates rogue admins In this new WordPress campaign, the attackers are exploiting known vulnerabilities in WordPress plugins to create rogue admin accounts on WordPress sites across the internet. Known vulnerabilities in WordPress are exploited to inject malicious JavaScript into the front end of the victim’s sites, redirecting site visitors to potentially harmful content like malware dropper and fraud sites.
Threat Report Wednesday August 28th 2019
Paul Scott on August 28, 2019
Let’s see what’s poppin’ in this week’s threat report. We’re covering a hosting provider that lost personally identifiable information (PII) for 14M domain owners. Privilege escalation in Windows software that would allow malware to persist. And a popular trojan is now free on the dark Web. Hostinger’s DB, with PII for 14M people, popped The Web hosting provider, Hostinger, disclosed a security incident that impacted its platform and users. The incident was discovered on August 23, 2019.