Threat reports


This week we’re focusing heavily on Windows. We have some new vulnerabilities, device driver design flaws, and a malspam campaign leveraging Office documents. Let’s get this party started.

Seven Microsoft Windows vulnerabilities

According to a Microsoft advisory published yesterday, August 13, 2019, seven new vulnerabilities have been disclosed with patches released – three of which are rated as ‘important’ and four are rated as ‘critical.’ Exploits have already been developed by researchers, so we should expect to see exploits for these vulnerabilities running wild soon.



We’ve got a lot of wild botnet and phishing activity in this week’s threat report. Let’s get this party started.

Richard’s First Echobot

First observed in May 2019, a new variant of the Echobot botnet is picking up steam, targeting various Internet-of-Things (IoT) devices, including routers, cameras, smart home hubs, network-attached storage systems, servers, and more. We expect to see this IoT-focused botnet evolve to add exploits for the Urgent/11 vulnerabilities we discussed in the Perch Monthly User’s Meeting.



What’s cooking this week? WatchBog and Trickbot learn some new tricks while some big names suffer embarrassing breaches. Let’s start off with the biggest data breach from last week.

Capital One breached by… open S3 buckets

Paige Thompson, a former Systems Engineer for Amazon Web Services, also known as erratic, has been labeled responsible for the Capital One breach affecting about 100M people in the U.S. and 6M in Canada.



Let’s get this party started. Russian FSB’s secret projects exposed, a new Office 365 (O365) phishing campaign underway, universities at risk from phishing, newly disclosed vulnerabilities, and Brushaloader and Watchbog going wild. Oh, and a ProFTPD vulnerability hits the streets.

FSB contractor breached for 7.5TB

A group of hackers named 0v1ru$ breached Sytech, a contractor for the FSB, Russia’s national intelligence service, on July 13, 2019. The group was able to hack into SyTech’s Active Directory server, from which they accessed the company’s entire network, including a JIRA instance.



Let’s get going with some of the top threats we’re highlighting this week. Notably, a number of advisories have been released by different governments related to ongoing campaigns and new critical vulnerabilities.

Watch out for DNS hijacking campaigns

The UK’s National Cyber Security Centre (NCSC) has released an advisory highlighting a large-scale global Domain Name System (DNS) hijacking campaign. DNS is the service responsible for translating domain names into the IP addresses of the hosts that provide services.



This week we’re focusing on breaches. How would you know if you’ve been breached? How would a breach impact your enterprise? Major brands are paying fines for past breaches, and technology providers are unaware of compromise – this could impact the viability of their business. We’ll be doing everything we can to be good stewards and detect lingering threats.

Major brands fined for fairly recent breaches

Two large enterprises were ordered to pay fines this week.



PCM customers impacted by Office 365 business email compromise

Perch now has Office 365 log collection in beta testing. And in good timing, too! A breach at the large solution provider PCM Inc. allowed hackers to access Microsoft Office 365 email and file sharing systems for some of the company’s clients. California-based PCM had more than 2,000 customers in 2018. According to Krebs’ sources, attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp.



This week in the threat report, we are stuck in an ongoing Iran-U.S. cyber war shooting range that is moving towards scorched earth. But not all attackers are out for blood: after GandCrab’s recent retirement, ransomware campaigns pivot to Sodinokibi to cash in on the Bitcoin boom and score moon Lambos.

Iran targets U.S. companies in scorched-earth cyber campaign

CISA warns of an increase in cyberattacks that utilize destructive wiper tools that target the U.



Buckle up, we have a big threat report this week. First, let’s talk about the critical vulnerabilities everyone is talking about, then catch up on some APT news. Then, we’ll get to the fun stuff: data from U.S. Customs and Border Patrol ended up on the dark web, and Radiohead makes hacking history with its response to ransom demands.

Critical vulnerability: Exim

If you weren’t aware, there was a recently disclosed vulnerability that allows code execution on Exim servers, both locally and remotely.



There’s a good mix of variety in the top news over the last week. Let’s start with an update on the Norwegian MSP hack. Then we’ll take a look at a leaked tool the OilRig APT uses to brute-force Exchange servers. Finally, in crimeware, we’re saying goodbye to GandCrab ransomware and hello to Monstercat’s RAT, KPOT Stealer.

StonePanda took the heat for RedBravo in Norwegian MSP hack

In early February, we spoke about a series of intrusions conducted between late 2017 and late 2018 by a Chinese state-sponsored actor against several companies, including a large Norwegian MSP.
