31 matches found
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Den...
MGM attack is too late a wake-up call for businesses, says James Fair: Lock and Code S04E22
This week on the Lock and Code podcast… In September, the Las Vegas casino and hotel operator MGM Resorts became a trending topic on social media… but for all the wrong reasons. A TikTok user posted a video taken from inside the casino floor of the MGM Grand—the company's flagship hotel complex ne...
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM). This latest attack, combined with past activit...
Italian Users Warned of Malware Attack Targeting Sensitive Information
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto...
WIP19 targets IT service providers and telcos with custom malware
WIP19, a Chinese APT group, is using legitimate and stolen certificates to sign malware, such as SQLMaggie, ScreenCap, and a credential dumper which it then used to target telecommunications and IT service...
Bogus job offers hide trojanised open-source software
Microsoft researchers are warning of fake job offers where the only actual compensation available is a golden handshake of malware and trickery. The campaign targets those with technical know-how because, despite what some may think, scams are for everybody, not just people unfamiliar with tech...
Free HermeticRansom Ransomware Decryptor Released
A free decryptor is out to unlock a ransomware found piggybacking on the HermeticWiper data wiper malware that ESET and Broadcom’s Symantec discovered targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia last week. The fact that there was...
What is a Supply Chain Attack ❓
The Kaseya cyberattack disturbed more than 1,000 organizations over the Fourth of July weekend and may end up being perhaps the greatest hack ever. It’s additionally a typical case of a “Supply Chain” hack: a sort of cyberattack where hoodlums target programming merchants or IT...
Iranian targeting of IT sector on the rise
Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain...
City of Liège hit by ransomware, Ryuk suspected
Liège, the third largest city in Belgium, and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network. The municipality of Liège's official website, which was translated from the French. According to its official website pictures above: The City of Lièg...
Campari Site Suffers Ransomware Hangover
Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...
Threat Actor Impersonates USPS to Deliver Backdoor Malware
A new threat actor has been found impersonating the U.S. Postal Service (USPS) and other government agencies to deliver and install backdoor malware to various organizations in Germany, Italy and the United States, according to new research. The campaigns, which researchers from cybersecurity firm...
Panda Threat Group Mines for Monero With Updated Payload, Targets
The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloa...
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
By Christopher Evans and David Liebenberg. Executive summary: A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor...
India's Startup Story - The Future of India's Digital Economy
India's goal of reaching a $1 trillion digital economy by 2022 is said to be fuelled, in part, by the spurt in the growth of startups across the country. The number of Internet users in India is growing at an enormous rate with close to 500 million internet users today. Indians are at the...
ThreatList: Supply-Chain Defenses Need Improvement
Although nearly 80 percent of respondents in a recent survey believe software supply-chain attacks have the potential to become one of the biggest cyber threats over the next three years, few organizations are prepared to mitigate the risks. This state of affairs comes as businesses lose millions...
Further Down the Trello Rabbit Hole
Last month's story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support...
Orangeworm Targeting Healthcare Industry since 2015 Now Exposed
Operating since 2015, a threat group dubbed Orangeworm has been newly attributed to hacking and infiltrating healthcare groups around the world. Companies specifically targeted include hospitals, healthcare providers, pharmaceuticals, IT services firms serving the healthcare industry, and more...
Tuleap 9.17.99.189 - Blind SQL Injection
title: Tuleap SQL Injection; case id: CM-2018-01; product: Tuleap version 9.17.99.189; vulnerability type: Blind SQL injection - time based; severity: High; found: 2018-02-24; by: Cristiano Maruti @cmaruti...