Author Archives: David Bisson

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected […]

The post New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers appeared first on The State of Security.

Phishers Send Out Fake cPanel Security Vulnerabilities Advisory

Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting that they had received a fake advisory that appeared to have originated from the company. The fake advisory informed recipients that cPanel had released […]

Emotet Botnet Named ‘Most Wanted Malware’ for July 2020

The Emotet botnet earned the title of “most wanted” malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereby earning the malware the top spot in the security firm’s Global Threat Index for that month. […]

Phishing Campaign Leads Users to Site Disguised as Email Scanner

A phishing campaign tricked users into visiting a website that masqueraded as an email scanner in an effort to steal their account credentials. Kaspersky Lab found that the campaign began with a scam email containing a fake virus alert. This email claimed to originate from an organization’s “Email Security Team,” but it actually originated from […]

FBI: Continued Use of Windows 7 Poses Security Risks Given EOL Status

The Federal Bureau of Investigation (FBI) warned of the security risks that organizations face if they continue to use the Windows 7 operating system despite its end of life (EOL) status. In a private industry notification published on August 3, the FBI explained that it had witnessed computer criminals exploiting operating systems that had achieved […]

Moldovan National Pleaded Guilty to Role in Digital Crime Enterprise

A national of the Republic of Moldova pleaded guilty to his role in a digital crime enterprise that caused hundreds of millions of dollars in losses. On July 31, Valerian Chiochiu (aka “Onassis,” “Flagler,” “Socrate,” and “Eclessiastes”), 30, pleaded guilty to a charge of conspiracy under the Racketeer Influenced and Corrupt Organizations (RICO) Act before […]

Belarus Announces Arrest of GandCrab Ransomware Distributor

Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware. On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-year-old resident of Gomel in cooperation with the United Kingdom and Romania. An investigation into the […]

Phishing Email Uses Google Ad Redirect to Steal Microsoft Credentials

Security researchers came across a phishing email that used a Google Ad redirect as a part of its efforts to steal victims’ Microsoft credentials. Cofense found that the email originated from the legitimate email address “info@jtpsecurity[.]co[.]za.” The security firm reasoned that attackers had compromised that email account and abused their access to target employees in […]

FBI Releases Flash Alert on Netwalker Ransomware

The Federal Bureau of Investigation (FBI) released a flash alert in which it warned organizations about the dangers of Netwalker ransomware. On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations along with entities operating in the healthcare and education […]

Dussman Group Subsidiary Struck by Ransomware that Leaked Its Data

A subsidiary of the Dussman Group suffered a ransomware infection in which malicious actors stole and publicly leaked its data. As reported by Bleeping Computer, the operators of Nefilim ransomware made good on a promise made back in March to begin publishing victims’ stolen information by updating their data leaks website with a post entitled […]

Phishers Using Fake SharePoint Messages to Target Office 365 Details

Phishers leveraged fake automated messages from collaborative platform SharePoint as a means to target users’ Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from SharePoint. To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as […]

CISA, NSA Lay Out Recommendations for Protecting OT Assets

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets. In an alert published on July 23, CISA recognized malicious actors’ growing willingness to target OT assets. […]

Multi-Platform Malware Framework ‘MATA’ Claimed Victims Worldwide

Security researchers discovered a multi-platform malware framework called “MATA” that had succeeded in targeting victims worldwide. On Securelist, Kaspersky Lab revealed that it had shared its discovery of MATA with its Threat Intelligence Portal customers. The Russian security firm explained in its analysis that the first artifacts pertaining to MATA emerged back in April 2018. […]