Method: Linux Malware – GoScanSSH

Researchers at Cisco Talos during an incident response engagement have identified a new malware family being used to compromise SSH servers exposed to the internet, called GoScanSSH. The malware is written in Go, a programming language created at Google in 2009. The infection methods being used were SSH brute force attacks against public facing SSH […]

Method: Android Malware – RottenSys

Researchers at Check Point have identified a new type of mobile adware, called RottenSys, that has infected nearly 5 million devices since 2016. The application disguises itself as a “System Wi-Fi Service” on the Android OS and was likely inserted on the devices before they were purchased. The package has the ability to participate in […]

Vulnerability: Apache – CVE-2017-5638 – Apache Struts Jakarta Parser

In March of 2017, attackers began exploiting a bug in the Apache Struts Jakarta Multipart parser. The attack resulted in attackers being able to execute arbitrary commands on HTTP servers with specially crafted HTTP requests. This vulnerability has recently gained additional buzz because there has been a recently named campaign (Zealot) that uses this vulnerability […]

Attacker: Actor – TEMP.Periscope / Leviathan

The threat actor TEMP.Periscope (FireEye) / Leviathan (Proofpoint) has been observed running targeted spear-phishing campaigns against maritime and engineering targets. The threat actors appear to be tied to Chinese espionage. The TTPs of this threat actor are what is normally expected from a state-sponsored threat actor. Some of the interesting tools used […]

Target: Attack – Atlanta Government Ransomware Attack

March 27th – The City of Atlanta is currently dealing with a ransomware attack. The systems are being held ransom for $51,000. The hack has been ongoing for six days. The infected systems affected some of the city’s critical functions, including residents being unable to pay electric bills and city employees having no email […]

Method: Windows Malware – ThreatKit

March 25th – Researchers at Proofpoint have discovered a new type of exploit kit, called ThreatKit, that allows attackers to craft malicious Office Documents and attempt to exploit CVE-2017-8570, CVE-2017-11882, and CVE-2018-0802. The Word Document comes with an embedded executable that is decoded as a result of successful exploitation of the system. In some instances […]

Proficio Observes New Bluetooth Vulnerabilities

Proficio has observed several open sources of intelligence that have detailed the release of multiple critical vulnerabilities for Bluetooth and an attack vector utilizing those vulnerabilities known as “BlueBorne.” Here are the details we have gathered so far.

BlueBorne Summary

Multiple news outlets have reported the discovery of several important vulnerabilities in both the design […]

How to Combat the Rise of “Hacktivism”

In today’s politically charged climate in the United States and around the world, political activists increasingly are putting down their protest signs and going online to carry out cyber attacks in the name of their causes. The combination of hacking and activism is nothing new; the first such attacks date back to the 1980s and […]

Latest Ransomware Attack Cripples Networks Worldwide

For the second time in as many months, hackers have unleashed a massive ransomware attack targeting thousands of computer networks across the world. The latest attack, nicknamed the GoldenEye strain of Petya ransomware, began on Monday June 27 and continued to unfold into Tuesday June 28, officials said. Investigators suspect it originated in the Ukraine […]

Recommended Action for Linux Kernel Vulnerability

Recently, a critical zero day vulnerability in a Linux kernel module was publicized. If successfully exploited on a Linux device, this vulnerability would allow an attacker to potentially execute arbitrary code with escalated privileges. Devices running Linux kernel 3.8 or higher are potentially vulnerable to this bug, meaning millions of Linux devices and around two […]

Targeted Wire Transfer Scams on the Rise

While not new, targeted wire transfer scams are alive and well and we recommend that you check your processes to guard against them. These scams start by targeting corporate executives and attempt to convince their targets to wire funds to accounts controlled by the fraudsters. In one variant of the attack, the scammer will register […]

Sandworm – Microsoft Windows Zero-day Vulnerability

What is a Zero-day Vulnerability?

A zero-day vulnerability is like a hidden door in a computer program that hackers find before anyone else knows about it; it is often already in the program when it ships to customers, unknown to the publisher. Since nobody knows about it, there are zero days to fix it before […]