CISA Orders Fed Agencies to Patch Exchange Servers

Hot on the heels of Microsoft’s announcement about active cyber-espionage campaigns that are exploiting four serious security vulnerabilities in Microsoft Exchange Server, the U.S. government is mandating patching for the issues. The news comes as security firms report escalating numbers of relat...

Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities...

SolarWinds Malware Arsenal Widens with Raindrop

An additional piece of malware, dubbed Raindrop, has been unmasked in the sprawling SolarWinds supply-chain attacks. It was used in targeted attacks after the effort’s initial mass Sunburst compromise, researchers said. The SolarWinds espionage attack, which has affected several U.S. government...

NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0074)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after- free. We are aware of targeted attack...

Pandemic, A Driving Force in 2021 Financial Crime

Financial cybercrime in 2021 is set to evolve, researchers say, with extortion practices becoming more widespread, ransomware gangs consolidating and advanced exploits being used more effectively to target victims. That’s according to key predictions from Kaspersky. Researchers said the drastic...

IT threat evolution Q3 2020

Targeted attacks MATA: Lazaruss multi-platform targeted malware framework The more sophisticated threat actors are continually developing their TTPs Tactics, Techniques and Procedures and the toolsets they use to compromise the systems of their targets. However, malicious toolsets used to target...

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no...

An overview of targeted attacks and APTs on Linux

Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, theres a widely held opinion that Linux is a secure-by-default operating system that isnt...

IT threat evolution Q2 2020

IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight In April, we reported the results of our investigation into a mobile spyware campaign that we call PhantomLance. The campaign involved a backdoor Trojan...

Spam and phishing in Q2 2020

Quarterly highlights Targeted attacks The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using. Th...

Lazarus on the hunt for big game

We may only be six months in, but theres little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...

NewStart CGSL MAIN 6.01 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0036)

The remote NewStart CGSL host, running version MAIN 6.01, has thunderbird packages installed that are affected by multiple vulnerabilities: - By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This...

Threat spotlight: WastedLocker, customized ransomware

WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang. The same gang that is associated with Dridex and BitPaymer. The attribution is not based on the malware variants as WastedLocker is very different from BitPaymer. What was kept was the...

DEBIAN-CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

Race condition

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird 68.7.0, Firefox 74.0.1, and Firefox ESR 68.6.1...