VULNERABILITY: Symfony Component Vulnerability Impacting Drupal

In April of this year, attackers began exploiting two critical vulnerabilities in Drupal, a common open source website content-management system. The vulnerabilities were dubbed Drupalgeddon2 (CVE-2018-7600) and Drupalgeddon3 (CVE-2018-7602). This month a new flaw was discovered in Drupal, this time residing in Symfony HttpFoundation, a component of a third-party library used in Drupal […]

METHOD: The Ramnit Trojan Family Evolution Within the “Black” Botnet Campaign

Researchers at Check Point warned that a much larger attack could follow the so-called “Black” botnet campaign. This campaign was uncovered between May and July 2018 and used the Ramnit Trojan to create a network of malicious proxy servers operating as a highly centralized botnet or as independent botnets. To date, over 100,000 computers have been infected, researchers said. […]

METHOD: Law Office Credentials on the Dark Web

CNBC has reported that access to various law firms’ files and networks is being sold on the Dark Web. In one particular example, access to a New York City law firm was being sold for $3,500, and the individual or group offering access stated they could provide screenshots as evidence of the break-in. According […]

ATTACKER: Leafminer Expanding Operations to Target United States ICS Entities

In July 2018, the threat actor Leafminer was detailed by Symantec as having targeted a list of government organizations and business verticals in the Middle East since at least early 2017. The article also detailed several aspects of how the attacker attempted to breach targets. One method detailed was the attackers’ use of “file://” URLs […]

METHOD: SIM Swapping Used to Target Cryptocurrency Entrepreneurs

Police in California arrested a 20-year-old from Boston at Los Angeles International Airport on his way to Europe. The individual, Joel Ortiz, was accused of targeting cryptocurrency entrepreneurs by compromising the two-factor authentication tied to their mobile phone numbers through a method called SIM swapping. The results of his activities are rumored […]

TARGET: Valve Game in Marketplace Distributed Cryptocurrency Miner

Valve pulled the game “Abstractism” from the Steam store after several sources on the internet stated the game was suspected of containing a cryptocurrency-mining bot. YouTube user SidAlpha and other bloggers flagged the game for very suspicious behavior, such as the game package being flagged by antivirus software and the authors stating that […]

METHOD: Scammers Use Breached Personal Data in Phishing Campaigns

Scammers often use a wide spectrum of social engineering methods when persuading potential victims to follow the desired course of action. Recent campaigns are using details gathered in mass breaches, such as passwords, email addresses, and other personal information obtained from past data compromises. Examples of such scams include: 1) Personalized Porn Extortion Scam […]

VULNERABILITY: New Bluetooth Hack Affects Millions of Devices from Major Vendors

A Bluetooth vulnerability tracked as CVE-2018-5383 has been found affecting Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor, or manipulate the traffic they exchange. The vulnerability affects firmware or operating system software drivers from major vendors like Apple, Broadcom, Intel, and Qualcomm, while the implication […]

ATTACKER: Corporate iPhones Attacked in MDM Campaign

This month security organizations and researchers discovered an attack that utilizes Apple’s popular and open source Mobile Device Management (MDM) system for iPhones. The MDM suite allows enterprises to conveniently deploy and manage employees’ iPhones remotely. The attackers in this campaign appear to have used social engineering to persuade unsuspecting users to enroll in MDM […]

TARGET: SingHealth Patient Data Breach

Singapore authorities reported a cyber-attack affecting SingHealth, the largest group of healthcare institutions in Singapore. It is the largest known cyber-attack targeting organizations based in Singapore that has been reported by Singapore news media. The cyber-attack appears to have resulted in a data breach affecting around 1.5 million patients who visited SingHealth between […]

ATTACKER: Actors Behind Blackgear Campaign Update C2 Methods

Who or What is Blackgear? Blackgear, also known as Topgear and Comnie, is a cyberespionage campaign that has been active since at least 2008. It primarily targets organizations within Japan, South Korea, and Taiwan, focusing on sectors like public administration and high-technology industries. Blackgear is known for its sophisticated use of malware tools, such as […]

TARGET: Labcorp Ransomware Attack

LabCorp, one of the largest clinical laboratory networks in the US, reported to the SEC that many of its assets had been infected with ransomware. The 50-minute attack, which occurred on July 13th beginning at midnight, was suspected to have been caused by the attackers entering the network via brute force against public RDP and […]