Threat reports


Did you miss us last week? We’ve been busy investigating some recent threats and have an update for you in this week’s threat report. Hackers get hacked for 26M cards, APT35 returns with a new campaign using non-standard link shorteners, Diamond Fox gets demo’d on YouTube, and Bishop Fox releases a Pwn Pulse POC.

Hackers pilfer underground hack store for 26M stolen credit cards
One of the largest underground stores for buying stolen credit card data, BriansClub, was hacked.



Threat actors are focusing their attention on a number of different industries in this week’s threat report: RATs aimed at U.S. oil and gas, defense contractors holding sensitive information hit by ransomware, and a number of well-known online publishers targeted by malvertising. It’s a good week to join your industry’s ISAC/ISAO if you have one. In addition to the industry-focused infections, we’ve got another critical Exim vulnerability, and new Windows malware, Nodersok, is teaching lessons about living off the land.



In this week’s threat report, we’re covering out-of-band critical patches released by Microsoft to prevent code execution, a malspam campaign targeting U.S. utilities, new variants of info-stealing malware for Mac, and a 0-day in popular forum software.

Microsoft releases emergency patches
Microsoft released two out-of-band security updates: one for a remote code execution vulnerability tracked as CVE-2019-1367 and one for a denial-of-service vulnerability tracked as CVE-2019-1255. CVE-2019-1367 allows attackers to execute arbitrary code in the context of the current user.



In this week’s threat report we’re covering a variety of topics. Summer is over and the fall malspam campaigns have arrived, multiple open databases have led to a loss of valuable data, and a wiry new malware dropper jumps into action. Let’s get this party started.

Summer vacation is over for Emotet
After taking the summer off, Emotet-infected hosts began communicating with command and control infrastructure again on 9/16/19; the C2 pushed updates to the bots and kicked off a new malspam campaign.



In this week’s threat report, we’re shining the spotlight on Hoplight and friends, phishing with LokiBot, meeting Purple Fox, juking Windows Defender, and discovering the weak, hardcoded passwords botnets love on the radio.

Hoplight in the spotlight with Electricfish and Bad Call
DHS, FBI, DoD, and Cyber Command have been busy dropping dimes on North Korean state-sponsored hackers, uploading several malware and RAT samples. Eleven samples were released by U.



Have you been pwned by the threats in this week’s report? This week includes active campaigns delivering AZORult malware, WordPress exploitation, a couple of breaches, and some state-sponsored DDoS with the Great Cannon.

WordPress campaign creates rogue admins
In this new WordPress campaign, the attackers exploit known vulnerabilities in WordPress plugins to create rogue admin accounts on WordPress sites across the internet. The same known vulnerabilities are used to inject malicious JavaScript into the front end of victim sites, redirecting visitors to potentially harmful content such as malware droppers and fraud sites.
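The two artifacts this campaign leaves behind, an unexpected administrator account and a script tag that loads from or redirects to a domain the site does not own, are both things a site owner can audit from a database export. The following is an added example, not code from the report or from any WordPress project, and it runs over constructed rows standing in for wp_users/wp_usermeta and wp_posts; the site hostname and the allowlist of expected admin logins are assumptions you would replace with your own.

```python
import re
from urllib.parse import urlparse

# Constructed sample rows (not real IoCs). The wp_capabilities value is the
# PHP-serialized array WordPress stores in wp_usermeta; "administrator" is 13 chars.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "siteowner", "user_registered": "2018-03-02 10:11:12",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 2, "user_login": "editor_jane", "user_registered": "2018-05-09 08:00:00",
     "wp_capabilities": 'a:1:{s:6:"editor";b:1;}'},
    # Account nobody remembers creating, registered during the campaign window.
    {"ID": 7, "user_login": "support_tmp", "user_registered": "2019-08-30 03:14:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

SAMPLE_POSTS = [
    {"ID": 10, "post_title": "Welcome",
     "post_content": '<p>Hi</p>'
                     '<script src="https://blog.example.com/wp-includes/js/jquery.js"></script>'
                     '<script src="/wp-content/themes/x/app.js"></script>'},
    {"ID": 12, "post_title": "Pricing",
     "post_content": '<p>Plans</p>'
                     '<script type="text/javascript" src="https://cdn.rogue-ads.invalid/stat.js?v=3"></script>'},
    {"ID": 13, "post_title": "Contact",
     "post_content": '<script>\nif(document.cookie.indexOf("seen")<0){'
                     'window.location.href="https://rogue-landing.invalid/go";}\n</script>'},
]

ADMIN_CAP_RE = re.compile(r's:13:"administrator";b:1;')
SCRIPT_RE = re.compile(r'<script\b([^>]*)>(.*?)</script>', re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r'src\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
REDIRECT_RE = re.compile(
    r'(window\.location|location\.href|location\.replace|document\.location)', re.IGNORECASE)


def find_rogue_admins(users, expected_admins):
    """Logins holding the administrator capability that are not on the allowlist."""
    return [u["user_login"] for u in users
            if ADMIN_CAP_RE.search(u["wp_capabilities"])
            and u["user_login"] not in expected_admins]


def find_injected_scripts(posts, site_host):
    """(post ID, reason) for script tags loading from another host or redirecting inline."""
    findings = []
    for post in posts:
        for attrs, body in SCRIPT_RE.findall(post["post_content"]):
            src = SRC_RE.search(attrs)
            if src:
                # Relative paths have no hostname and are treated as local.
                host = urlparse(src.group(1)).hostname or ""
                if host and host != site_host:
                    findings.append((post["ID"], f"external script from {host}"))
            elif REDIRECT_RE.search(body):
                findings.append((post["ID"], "inline script performs a redirect"))
    return findings


def audit(users, posts, site_host, expected_admins):
    """Combine both checks into one report dict."""
    return {"rogue_admins": find_rogue_admins(users, expected_admins),
            "injected_scripts": find_injected_scripts(posts, site_host)}


if __name__ == "__main__":
    # Assumed site host and allowlist; both are placeholders for your own values.
    report = audit(SAMPLE_USERS, SAMPLE_POSTS, "blog.example.com", {"siteowner"})
    for login in report["rogue_admins"]:
        print(f"unexpected administrator: {login}")
    for post_id, reason in report["injected_scripts"]:
        print(f"post {post_id}: {reason}")
```

Run the same two checks over wp_options (theme and widget HTML) and over the theme files on disk as well, since the injection in this kind of campaign is not limited to post bodies; the script-tag logic applies unchanged to any blob of HTML you feed it.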



Let’s see what’s poppin’ in this week’s threat report. We’re covering a hosting provider that lost personally identifiable information (PII) for 14M domain owners, privilege escalation in Windows software that would allow malware to persist, and a popular trojan that is now free on the dark web.

Hostinger’s DB, with PII for 14M people, popped
The web hosting provider Hostinger disclosed a security incident that impacted its platform and users. The incident was discovered on August 23, 2019.



Let’s see what’s poppin’ in this week’s threat report. Or getting popped, as it were. We’ve got ransomware in Texas, implanted code at Webmin, the return of a banking trojan that’s gone the way of polymorphic malware, and the 2019 mid-year breach update. Giddy-up, partner!

Texas Ransomware Massacre
In a coordinated ransomware massacre, at least 20 local government entities across the Lone Star State have been hit, and hackers are asking for $2.



This week we’re focusing heavily on Windows: new vulnerabilities, device driver design flaws, and a malspam campaign leveraging Office documents. Let’s get this party started.

Seven Microsoft Windows vulnerabilities
According to a Microsoft advisory published yesterday, August 13, 2019, seven new vulnerabilities have been disclosed and patched: three rated ‘important’ and four rated ‘critical.’ Researchers have already developed exploits, so we should expect to see exploits for these vulnerabilities in the wild soon.



We’ve got a lot of wild botnet and phishing activity in this week’s threat report. Let’s get this party started.

Richard’s First Echobot
First observed in May 2019, a new variant of the Echobot botnet is picking up steam, targeting a range of Internet of Things (IoT) devices, including routers, cameras, smart home hubs, network-attached storage systems, servers, and more. We expect this IoT-focused botnet to evolve and add exploits for the Urgent/11 vulnerabilities we discussed in the Perch Monthly User’s Meeting.
