Researchers spotted a malspam campaign that targeted German organizations with samples of the Buran crypto-ransomware family. In early October, Bromium observed a malspam campaign whose emails impersonated online fax service eFax. The emails contained hyperlinks to a PHP page that served up malicious Word documents. This technique helped the Word documents evade detection, as they […]
The post Malspam Campaign Targeted German Organizations with Buran Ransomware appeared first on The State of Security.
Researchers have detected a new phishing campaign that uses some clever tricks in order to steal users’ Stripe credentials. Cofense discovered the campaign when it came across an attack email that pretended to originate from “Stripe Support.” The message informed recipients that their account contained invalid details and that it was therefore scheduled to be […]
The post Phishing Campaign Uses Clever Tricks to Steal Stripe Credentials appeared first on The State of Security.
Researchers discovered a new cryptojacking worm called “Graboid” that has spread to more than 2,000 unsecured Docker hosts. In its research, Palo Alto Networks’ Unit 42 team noted that it’s the first time it’s discovered a cryptojacking worm specifically using containers in the Docker Engine for distribution. (It’s not the first time that cryptojacking malware […]
The post Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts appeared first on The State of Security.
Digital fraudsters are using compromised servers and bogus links in an ongoing effort to target LinkedIn members with scams. The scam began when a Sophos employee received what appeared to be an unexceptional email from someone they know in real life and with whom they keep in touch on LinkedIn. The body of the […]
The post Scammers Using Hacked Servers, Bogus Links to Target LinkedIn Users appeared first on The State of Security.
The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients. According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodist’) responded by launching an investigation into what […]
The post Phishing Attack Possibly Affected 68K Patients of The Methodist Hospitals appeared first on The State of Security.
Normally it works like this. Someone gets infected by ransomware, and then they pay the ransom. The victim then licks their wounds and hopefully learns something from the experience. And that’s what happened to Tobias Frömel, a German developer and web designer who found himself paying a Bitcoin ransom of 670 Euros (US $735) after […]
The post Ransomware victim hacks attacker, turning the tables by stealing decryption keys appeared first on The State of Security.
A new sextortion scam variant is using a wallet for a cryptocurrency other than bitcoin in an attempt to evade detection. On October 8, Cofense revealed it had detected a modified sextortion scam that was using a wallet address for Litecoin instead of bitcoin. The variant thereby differentiated itself from earlier sextortion campaigns detected by […]
The post New Sextortion Scam Uses Alternative Cryptocurrencies to Evade Detection appeared first on The State of Security.
Instagram announced the release of a new feature that’s designed to help its users identify phishing emails impersonating the social media platform. On October 7, Instagram tweeted out about the new capability and said that users can leverage it to verify whether an email claiming to originate from the social network is legitimate. Heads up: […]
The post Instagram Launches New Feature to Help Users Identify Phishing Emails appeared first on The State of Security.
The developer of HildaCrypt has released the master decryption keys that would allow potential victims of the ransomware to recover their data for free. On October 4, a security researcher who goes by the name “GrujaRS” posted about the discovery of a new variant of STOP, a well-known ransomware family. New #Stop (Djvu) #Ransomware extension […]
The post Decryption Keys Released by Developer of HildaCrypt Ransomware appeared first on The State of Security.
Three restaurant chains based in the United States have revealed they suffered security incidents that affected customers’ payment card information. On October 2, three subsidiaries of Focus Brands (Moe’s Southwest Grill, McAlister’s Deli and Schlotzsky’s) published near-identical copies of a security incident notice. These statements revealed that the restaurants had nearly finished investigating security incidents of which […]
The post Payment Card Security Incidents Disclosed by Three U.S. Restaurant Chains appeared first on The State of Security.
The FBI has some unambiguous advice for organisations on how they should handle ransomware demands:
The post FBI: Don’t pay ransomware demands, stop encouraging cybercriminals to target others appeared first on The State of Security.
A series of operational security (OpSec) failures on the part of attackers enabled researchers to discover the Geost botnet. In mid-2018, Virus Bulletin researchers Sebastian Garcia, María José Erquiaga and Anna Shirokova discovered Geost, one of the largest Android banking botnets known today, while analyzing another malware family called HtBot. The researchers found that HtBot […]
The post Discovery of Geost Botnet Made Possible by Attacker OpSec Fails appeared first on The State of Security.
Digital criminals have launched a new attack campaign that they’re using to target U.S. petroleum companies with the Adwind RAT. Netskope discovered the operation in the beginning of September and found that it was distributing the Adwind RAT from “members[.]westnet[.]com[.]au/~joeven/.” With this URL in mind, it’s likely that the individual responsible for the campaign either […]
The post Attackers Targeting U.S. Petroleum Companies with Adwind RAT appeared first on The State of Security.
A Danish company revealed that the costs associated with what appears to be a ransomware attack could reach as much as $95 million. Demant, a Danish manufacturer of hearing aids, suffered a “critical incident” that affected its IT infrastructure on 3 September. The company’s IT team responded by shutting down multiple systems across multiple locations […]
The post Danish Firm Says Costs of Apparent Ransomware Attack Could Reach $95M appeared first on The State of Security.
A malvertising actor known as “eGobbler” used obscure browser bugs to bypass built-in browser protections and expand the scope of its attacks. Confiant observed eGobbler exploiting the first vulnerability back on April 11, 2019. In that particular attack, the threat actor leveraged a Chrome exploit to circumvent the browser’s pop-up blocker built into iOS devices. […]
The post eGobbler Malvertiser Bypassed Browser Protections Using Obscure Bugs appeared first on The State of Security.
Samples of a new malware family called “Divergent” are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn’t identify the exact delivery method for Divergent. Even so, its researchers observed that the samples they analyzed staged and stored configuration data in the registry like other fileless malware. They also […]
The post Divergent Malware Using NodeJS, WinDivert in Fileless Attacks appeared first on The State of Security.
An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and, worst of all, malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party […]
The post WordPress sites hacked through defunct Rich Reviews plugin appeared first on The State of Security.
Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways. In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. The message informed recipients that they had a new invoice awaiting payment. Under that […]
The post Percentage-Based URL Encoding Used by Phishers to Evade Detection appeared first on The State of Security.
Security researchers have released decryption tools which victims of two different ransomware families can use to recover their files for free. On 25 September, Kaspersky Lab unveiled decryptors for both the Yatron and FortuneCrypt crypto-ransomware families. In its analysis of the first threat, the Russian security firm found that Yatron derived much of its code […]
The post Free Decryptors Released for Two Ransomware Families appeared first on The State of Security.
Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August 2019, for instance, […]
The post Over 12,000 WannaCry Variants Detected in the Wild appeared first on The State of Security.
A new crypto-ransomware threat called “TFlower” is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine’s exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with TFlower. At that point, […]
The post TFlower Ransomware Targeting Businesses via Exposed RDS appeared first on The State of Security.
The actors responsible for the Emotet botnet returned after a four-month period of inactivity with a new malspam campaign. On 16 September, SpamHaus security researcher Raashid Bhat spotted a spate of new spam emails written in Polish or German that contained malicious attachments or links to malware downloads. Emotet is fully back in action and […]
The post Emotet Botnet Returns After Four-Month Hiatus With New Spam Campaign appeared first on The State of Security.
A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line “Bewerbung via Arbeitsagentur – Eva Richter,” which translates […]
The post Spam Campaign Targeting German Users with Ordinypt Malware appeared first on The State of Security.
The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks’ Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used in the Iranian threat group’s previous […]
The post COBALT DICKENS Launched New Phishing Operation against Universities appeared first on The State of Security.
The Federal Bureau of Investigation (FBI) found that business email compromise (BEC) scams cost victims a combined total of $26 billion in losses over a three-year period. On 10 September, the FBI’s Internet Crime Complaint Center (IC3) published a public service announcement in which it revealed that BEC scams had caused $26,201,775,589 in global losses. […]
The post BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI appeared first on The State of Security.
A district within the Rockford Public Schools (RPS) system has confirmed it suffered a ransomware attack that affected parts of its network. On 6 September, District 205 of RPS posted a statement on Facebook in which it noted that its Internet, phones and information systems used to track attendance and student records were down. The […]
The post District in Rockford Public Schools Confirms Ransomware Attack appeared first on The State of Security.
Digital attackers created a fake PayPal website to distribute samples of a new variant of the Nemty crypto-ransomware family. Security researcher nao_sec uncovered the ransomware variant after they came across a fake PayPal website. This site promised users a return of 3-5 percent for making purchases through its payment system. But its primary purpose was […]
The post Fake PayPal Website Distributes New Variant of Nemty Ransomware appeared first on The State of Security.
The Alaskan city of Unalaska has recovered approximately $2.3 million after digital fraudsters targeted it with a phishing attack. Erin Reinders, city manager of Unalaska, revealed that the municipality had recovered $2,347,544.43 on 22 August. That amount constituted a large part of the $2,985,406.10 total which the City had sent to scammers. Per Reinders’ comments, […]
The post Unalaska Recovers $2.3 Million Following Phishing Attack appeared first on The State of Security.
Digital criminals demanded $5.3 million in ransom from the City of New Bedford, Massachusetts following a ransomware attack. Jon Mitchell, Mayor of New Bedford, explained in a press briefing that the ransom demand came shortly after the City’s Management Information Systems (MIS) staff detected a ransomware attack in the early morning hours of 5 July […]
The post Ransomware Attackers Demanded $5.3M from City of New Bedford appeared first on The State of Security.
Security researchers spotted a phishing campaign that used SharePoint to bypass email gateways and other perimeter technologies. Cofense learned of the campaign after it analyzed an attack email sent from a compromised account @independentlegalassessors.co.uk. The email asked the recipient to review a proposed document by clicking on an embedded URL. In this particular instance, bad […]
The post Phishing Campaign Used SharePoint to Bypass Email Perimeter Tech appeared first on The State of Security.
Google has decided to expand the scope of one of its bug bounty programs as well as launch another security rewards initiative. On 29 August, Android Security & Privacy team members Adam Bacchus, Sebastian Porst, and Patrick Mutchler announced that the Google Play Security Reward Program (GPSRP) will now cover all Google Play apps with […]
The post Google Expands Scope of One Bug Bounty Program, Launches Another appeared first on The State of Security.