News Clipping


New Bluetooth vulnerabilities expose billions of devices [source: siliconangle]

Billions of Bluetooth-enabled devices are exposed to a number of recently discovered vulnerabilities that allow a hacker to access and take control of devices, install malware and undertake other malicious activities, according to newly published research. Discovered by security firm Armis Labs Inc. and dubbed “BlueBorne,” the vulnerability affects major mobile, desktop, and IoT operating systems, including Android, iOS, Windows and Linux. It’s spread over the air and...



Other 26,000 MongoDB servers hit in a new wave of ransom attacks [source: securityaffairs]

Security researchers Dylan Katz and Victor Gevers confirmed that another 26,000 MongoDB servers were hit in a new wave of ransom attacks. Ransom attacks on MongoDB databases revamped over the weekend after an apparent pause. According to the security researchers Dylan Katz and Victor Gevers, three new groups appeared on the threat landscape and hijacked over 26,000 servers; one of them, in particular, is responsible for hijacking 22,000 machines...



SynAck Ransomware Sees Huge Spike in Activity [source: bleepingcomputer]

Over the past two days, there was an increase in activity from a relatively unknown ransomware strain named SynAck, according to victims who sought assistance in the Bleeping Computer ransomware support forums and from submissions to the ID-Ransomware service. This particular ransomware strain — named SynAck or Syn Ack — was first spotted on August 3 and experts quickly determined that they were looking at a...



Dragonfly: Western energy sector targeted by sophisticated attack group [source: symantec]

The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a...



A360 Drive Abused to Deliver Adwind, Remcos, Netwire RATs [source: trendmicro]

Cloud-based storage platforms have a history of cybercriminal abuse, from hosting malicious files and directly delivering malware to even making them part of a command-and-control (C&C) infrastructure. GitHub was misused this way when the Winnti group used it as a conduit for its C&C communications. We saw a similar—albeit a lot simpler and less creative—attack on Autodesk® A360, comparable to the way file-sharing sites are being used to host...



Malspam pushing Locky ransomware tries HoeflerText notifications [source: sans.edu]

During the past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware. In recent days, I’ve noticed multiple waves of malspam every weekday. It gets a bit boring after a while, but as 2017-08-31 came to a close, I noticed a different technique from this malspam. Today’s malspam had links to fake Dropbox pages. If you viewed the pages in...



Active ransomware attack uses impersonation and embedded advanced threats [source: barracuda]

In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment “Payment_201708-6165.7z.” In this attack, the source of the email is a spoofed address, and the attachment name and number are included in the subject line and body of the message. The full subject line in this example is “Emailing: Payment_201708-6165” and...



RIG exploit kit distributes Princess ransomware [source: malwarebytes]

We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the PrincessLocker ransomware last November and pointed out that despite similarities with Cerber’s onion page, the actual code was much different. A new payment page seemed to have...



Cobian RAT – A backdoored RAT [source: zscaler]

The Zscaler ThreatLabZ research team has been monitoring a new remote access Trojan (RAT) family called Cobian RAT since February 2017. The RAT builder for this family was first advertised on multiple underground forums where cybercriminals often buy and sell exploit and malware kits. This RAT builder caught our attention as it was being offered for free and had a lot of similarities to the njRAT/H-Worm...



Mining Adminers – Hackers Scan the Internet For DB Scripts [source: blog.sucuri]

Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance. Despite these limitations, scanning just 1% of the internet allows...


