by CIRT Team
Why ransomware? Let’s ask the bad guys [source: helpnetsecurity]
To be honest, this is not something that should come as a surprise. Many are involved with cybercrime because they feel that they are safe from arrest. It is also one of the few crimes that offer a helpdesk! Indeed within the majority of ransomware demands victims are given the option of communicating with those behind such malicious campaigns. One of the questions we often ask is...
Read More
by CIRT Team
Brute-Force Attack Infects WordPress Sites with Monero Miners[source: bleepingcomputer]
Over the course of the current week, WordPress sites around the globe have been the targets of a massive brute-force campaign during which hackers attempted to guess admin account logins in order to install a Monero miner on compromised sites. The brute-force attack started on Monday morning, 03:00 AM UTC and is still going strong at the time of writing. Brute-force attack targets over 190,000...
Read More
by CIRT Team
A bad wi-fi router flaw led to a responsible disclosure[source: cyberscoop]
Tens of thousands of long-range WiFi routers used to provide home wireless broadband, especially in remote or rural areas, are riddled with vulnerabilities that could let a hacker take over IT networks, security researchers said Tuesday. The vulnerabilities, some of which can be exploited remotely if the router’s management interface is directly connected to the internet, were discovered in Cambium Networks’ ePMP and cnPilot product...
Read More
by CIRT Team
Microsoft Office Docs New Vessel for Loki Malware [source: darkreading]
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious ‘scriptlets’ to evade detection. A stealthy new attack distributes Loki malware in Microsoft Excel spreadsheets and other Office applications. The attack, which was discovered by Lastline Labs, is tough to detect in its early stages. It bypasses traditional antivirus and is often dismissed as a false positive...
Read More
by CIRT Team
Buyers Beware of Tampered Gift Cards [source: krebsonsecurity]
Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it. A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure the card’s redemption code, allowing them to redeem or transfer the card’s balance online after the...
Read More
by CIRT Team
Windows 10 Facial Recognition – Bypassed with a Photo[source: bleepingcomputer]
Microsoft has released updates earlier this month to patch a vulnerability in the Windows 10 Hello facial recognition system that allows an attacker to bypass the facial scan with a printed photo. Windows Hello is a Windows 10-only feature that uses near infrared (IR) imaging to authenticate and unlock Windows devices, such as desktops, laptops, and tablets that use compatible cameras equipped with a near...
Read More
by CIRT Team
Exploited to Deliver a Cracked Version of the Loki Infostealer[source: trendmicro]
The Cobalt hacking group was one of the first to promptly and actively exploit CVE-2017-11882(patched last November) in their cybercriminal campaigns. We uncovered several others following suit in early December, delivering a plethora of threats that included Pony/FAREIT, FormBook, ZBOT, and Ursnif. Another stood out to us: a recent campaign that used the same vulnerability to install a “cracked” version of the information-stealing Loki. Sold in hacking forums as a password and cryptocurrency wallet stealer, Loki can...
Read More
by CIRT Team
Three Malware Campaigns Come Alive for the Holiday Shopping Season[source: bleepingcomputer]
Three malware strains —GratefulPOS, Emotet, and Zeus Panda— have sprung to life with new active campaigns just in time for the holiday shopping season. While GratefulPOS appears to be a new malware strain, the other two, Emotet and Zeus Panda, have just suffered minor updates to allow them to go after online shops more active this time of year. GratefulPOS Of the three, the most...
Read More
by CIRT Team
Too Many People Are Still Using ‘Password’ as a Password[source: motherboard.vice]
For the seventh year in a row, password management security company SplashDatahas scraped password dumps to find the year’s worst passwords. This year’s research was drawn from over five million leaked passwords, not including those on adult sites or from the massive Yahoo email breach. The passwords were mostly held by users in North America and Western Europe. SplashData estimates that nearly 10 percent of people have used...
Read More
by CIRT Team
Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy [source: trendmicro]
Android malware like ransomware exemplify how the platform can be lucrative for cybercriminals. But there are also other threats stirring up as of late: attacks that spy on and steal data from specific targets, crossing over between desktops and mobile devices. Take for instance several malicious apps we came across with cyberespionage capabilities, which were targeting Arabic-speaking users or Middle Eastern countries. These were published on Google...
Read More
