ATTACKER – Dark Tequila banking campaign hits Mexico


An active malicious financial campaign dubbed “Dark Tequila”, which has heavily targeted Mexico since at least 2013, has recently been analyzed by Kaspersky Lab researchers. According to reports, the malware primarily aims at stealing sensitive information, including but not limited to financial data, login credentials to popular websites, domain registers and file storage accounts. Five operational […]

TARGET – Cosmos Global Bank Hack

Cosmos Bank, a co-operative bank based in India with an over-100-year-old history, was hit with a globally coordinated attack between August 11th and August 13th. The attackers appear to have coordinated with what is suspected to be several individuals to siphon off $13.4 million (Rs 94 crore). Although many details are not confirmed regarding the […]

METHOD – Business Email Compromise Statistics from FBI

Business email compromise (BEC) / email account compromise (EAC) is a scam in which a combination of social engineering and computer intrusion techniques is used to obtain a transfer of funds from an organization. Lately, sophisticated, targeted social engineering and compromised email accounts have been used to conduct these attacks. According to the FBI, the […]

TARGET – GoDaddy Information Exposed on Amazon AWS Cloud


Researchers at UpGuard recently discovered a data breach affecting GoDaddy, considered the world’s largest domain name registrar and web host by market share to date. The leaked information was found in June in a publicly accessible AWS S3 bucket named “abbottgodaddy” and referenced the company’s infrastructure running in the Amazon AWS cloud. The majority of the […]

VULNERABILITY – Symfony Component Vulnerability Impacting Drupal


In April of this year, attackers began exploiting two critical vulnerabilities in Drupal, a common open source website content-management system. The vulnerabilities were dubbed Drupalgeddon2 (CVE-2018-7600) and Drupalgeddon3 (CVE-2018-7602). This month, a new flaw was discovered in Drupal, this time residing in Symfony HttpFoundation, a component of a third-party library used in Drupal […]

METHOD – The Ramnit Trojan Family Evolution Within the “Black” Botnet Campaign


Researchers at Check Point warned that a much larger attack could follow the so-called “Black” botnet campaign. This campaign was uncovered between May and July 2018 and used the Ramnit Trojan to create a network of malicious proxy servers operating either as a highly centralized botnet or as independent botnets. To date, over 100,000 computers have been infected, researchers said. […]

METHOD – Law Office Credentials on the Dark Web


CNBC has reported that access to various law firms’ files and networks is being sold on the Dark Web. In one particular example, access to a New York City law firm was being sold for $3,500, and the individual or group offering access stated they could provide screenshots as evidence of the break-in. According […]

ATTACKER – Leafminer Expanding Operations to Target United States ICS Entities


In July of 2018, the threat actor Leafminer was detailed by Symantec as having targeted a list of government organizations and business verticals in the Middle East since at least early 2017. The article also detailed several aspects of how the attacker attempted to breach targets. One method detailed was the attackers’ use of “file://” URLs […]

METHOD: SIM Swapping Used to Target Cryptocurrency Entrepreneurs


Police in California arrested a 20-year-old from Boston at Los Angeles International Airport on his way to Europe. The individual, Joel Ortiz, was accused of targeting cryptocurrency entrepreneurs by compromising the two-factor authentication tied to their mobile phone numbers using a method called SIM swapping. The results of his activities are rumored […]

TARGET: Valve Game in Marketplace Distributed Cryptocurrency Miner


Valve pulled the game “Abstractism” from the Steam store after several sources on the internet stated the game was suspected of containing a cryptocurrency-mining bot. YouTube user SidAlpha and other bloggers on the internet flagged the game for very suspicious behavior, such as the game package being flagged by antivirus software and the authors stating that […]

METHOD: Scammers Use Breached Personal Data in Phishing Campaigns

Scammers often use a wide spectrum of social engineering methods when persuading potential victims to follow the desired course of action. Recent campaigns are using details gathered in mass breaches, such as passwords, email addresses, and other personal information obtained from past data compromises. Examples of such scams include: 1) Personalized Porn Extortion Scam […]

VULNERABILITY: New Bluetooth Hack Affects Millions of Devices from Major Vendors


A Bluetooth vulnerability tracked as CVE-2018-5383 has been found affecting Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The vulnerability affects firmware or operating system software drivers from major vendors like Apple, Broadcom, Intel and Qualcomm, while the implication […]