12 matches found
Salty Seagull: a VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks
Cyber threats against the maritime industry have increased notably in recent years, highlighting the need for innovative cybersecurity approaches. Ships, as critical assets, possess highly specialized and interconnected network infrastructures, where their legacy systems and operational constrain...
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past activit...
The Bug Report - July 2023 Edition
The Bug Report – July 2023 Edition By Trellix · August 02, 2023 This story was also written by John Dunlap. A Storm is Brewing! Why am I here? Summer is now in full swing, and our July Bug Report is similarly coming out swinging. This month comes with a red-hot list of software vulnerabilities...
Malicious code in poenpyxl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0b8f913f834ea14f29b97ce122ac06dd0188786645132d100b1a8e7b058afb3b Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Digging Deeper – An In-Depth Analysis of a Fast Flux Network
Fast Flux is a DNS technique used by botnets to hide various types of malicious activities, such as phishing, web proxying, malware delivery, and malware communication, behind an ever-changing network of compromised hosts acting as proxies. The Fast Flux network concept was first introduced in...
Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers
More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43%...
The Nature of Mass Exploitation Campaigns
We’ve all seen the movies where there’s a dark hooded figure sitting behind a keyboard entering a 3D virtualized representation of the internet. Focusing in on their target, the figure sees various bits of information about that person, from their birth date, to a headshot of them stepping out of a...
A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)
An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...
Rotten Apples: Apple-like Malicious Phishing Domains
At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in...
Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...
Points of Sale Poorly Secured, Facing Sophisticated Attacks
The point-of-sale (PoS) systems on which financial transactions are conducted at nearly every physical retail location in the U.S. and beyond are fast becoming a favorite target for sophisticated criminal organizations as well as standalone attackers. The emergence of this trend is unsurprising...
White House Cyberattack Likely Won't Change Anything
So now it’s the White House’s turn. Having taken a swing at just about every other piece of the U.S. government’s network infrastructure, attackers, reportedly based in China, recently targeted a machine on an unclassified network inside the White House Military Office and were able to compromise...