Monday 4/8
This prolific phishing gang is back with new tactics to target executives
A prolific cyber-criminal phishing operation which built a list of 50,000 executives, CFOs and other top financial personnel has expanded its operations with a new database of additional targets. The Business Email Compromise (BEC) group dubbed London Blue distributes phishing emails in an effort to trick organisations into transferring large sums of money into their accounts, often while posing as executives and other senior staff.
https://zd.net/2D0eo5B
How to avoid document-based malware attacks
Document-based malware typically comes in the form of an email attachment that, when opened, automatically runs software hidden in the file or runs a script that pulls it from a remote website, the latter making it much harder to detect since there's no malware code included in the document when it's downloaded.
https://tek.io/2G7w0OS
Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns
These campaigns attempted to deceive recipients into believing they were emailed by large accounting, tax and payroll services firms and carried malicious Microsoft Excel attachments with a payload familiar to us as one of the most common and effective banking Trojans: TrickBot.
https://ibm.co/2G2nr73
Tuesday 4/9
Pharmaceutical giant Bayer targeted by cyberattack, threat ‘contained’
Bayer says that there "is no evidence of data theft," but has not provided any further details on the purpose or scope of the malware. The drug maker did say, however, that the software is the work of a hacking group known as Winnti.
https://zd.net/2U3LBTi
Cybercrime group FIN6 evovles from POS malware to ransomware
A cybercrime group known primarily for hacking retailers and stealing payment card details from point-of-sale (POS) systems has changed tactics and is now also deploying ransomware on infected networks. The group – named FIN6 – has a reputation in the cyber-security field for being one of the most advanced cyber-criminal groups around.
https://zd.net/2uSwcvd
How Citrix Cloud Connector integrates with Cisco infrastructure
Cisco HyperFlex for Citrix Cloud, which Citrix and Cisco made available in December 2018, enables organizations to transition from exclusively on-premises virtual desktop hosting to a hybrid hosting model that lets Citrix handle the management as a cloud service.
http://bit.ly/2UoQkEs
Wednesday 4/10
A Peek Into the Toolkit of the Dangerous ‘Triton’ Hackers
FireEye says it's identified a collection of custom malicious software that the Triton hackers used, tools that allowed the hackers to patiently advance their intrusion as they worked to gain access to the victims' industrial control systems.
http://bit.ly/2VBBLK2
Malware Debugs Itself to Prevent Analysis
When the malware relaunches itself as a child process it does so with the DEBUG_ONLY_THIS_PROCESS flag specified. This causes the parent to act as a debugger to the child, which prevents analysts from attaching their own debugger to get a closer look at what it’s doing. Then, the parent walks through the child’s execution using the WaitForDebugEvent and ContinueDebugEvent API calls for creating a co-dependent relationship between the parent and the child with no room for an additional debugger.
http://bit.ly/2D79HHr
Two out of three hotels accidentally leak guests’ personal data: Symantec
The research showed compromises usually occur when a hotel site sends confirmation emails with a link that has direct booking information. The reference code attached to the link could be shared with more than 30 different service providers, including social networks, search engines and advertising and analytics services.
https://reut.rs/2U8V1gr
Thursday 4/11
Largest Leak in History: Email Data Breach Exposes Over Two Billion Personal Records
Though it technically set a record in terms of data point count, this email data breach is relatively benign compared to other recent data leaks of a similar size. It is worrying that this information was sitting out in the open available to anyone with an internet connection, but it may well have been for a limited time and it is possible that it was not obtained by any potential threat actors.
http://bit.ly/2v0PbUc
McAfee MVISION Cloud Integrates with Google Cloud Platform to Offer Enhanced Security Tool
Generally available today, Cloud SCC is a comprehensive security management and data risk platform for GCP, designed to help security teams prevent, detect and respond to threats from a single-pane-of-glass. It provides visibility in what assets are running in Google Cloud as well as risky misconfigurations, so enterprises can reduce their exposure to threats.
http://bit.ly/2G7yuM3
This new malware is scanning the internet for systems info on valuable targets
Unlike MongoLock and Xbash, Xwo doesn't have any ransomware, cryptocurrency mining or any other similar money-making capabilities: it's main focus is scanning for credentials and exposed services and sending information back to its command and control server.
https://zd.net/2X4pRJa
Friday 4/12
Internet Explorer zero-day lets hackers steal files from Windows PCs
The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command.
https://zd.net/2UQSLPf
Emotet hijacks email conversation threads to insert links to malware
Users involved in the previous email exchanges would receive an email spoofed to appear from one of their previous correspondents, but actually coming from Emotet servers. The email conversation thread would be left intact, but the Emotet gang would insert an URL at the top of the email that would link to an Emotet-infected file, or attach a malicious document to the existing email thread.
https://zd.net/2IunnQ0