Vultur, with a V for VNC

by AlienVault (Public, TLP: White). In this blog post, ThreatFabric presents its findings on Vultur, a new Android banking trojan that performs screen recording and keylogging on victims' devices via VNC, as part of a series of blog posts. REFERENCE: https://www.threatfabric.com/blogs/vultur-v-for-vnc.html TAGS: Vultur, VNC, Keylogging, RAT, Brunhilda INDUSTRY: Banking TARGETED COUNTRIES: Spain, Australia, Italy MALWARE FAMILIES: Brunhilda, Vultur ATT&CK IDS: T1113 – Screen Capture, T1056 – Input Capture, T1219 – Remote Access Software, T1030 –…

FlyTrap Android Malware Compromises Thousands of Facebook Accounts

by AlienVault (Public, TLP: White). Mobile security firm Zimperium has uncovered a new family of Android trojan applications that hijack Facebook accounts and use them to spread the malware to further victims, with victims identified in countries including the US, Canada, Australia and Japan. REFERENCE: https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/ https://thehackernews.com/2021/08/beware-new-android-malware-hacks.html https://www.bleepingcomputer.com/news/security/flytrap-malware-hijacks-thousands-of-facebook-accounts/ https://uk.pcmag.com/security/134975/flytrap-android-malware-used-to-compromise-facebook-accounts TAGS: flytrap, google play, trojan, facebook, android MALWARE FAMILY: FlyTrap ATT&CK IDS: T1055 – Process Injection, T1566 – Phishing, T1557 – Man-in-the-Middle, T1503 – Credentials…

Kaseya VSA Supply-Chain Ransomware Attack

Patch now available for the Kaseya VSA platform. Alert status: HIGH. Background: The ACSC has observed reporting that organisations globally have been impacted by the Kaseya VSA compromise and REvil ransomware. The ACSC has also received reporting from impacted Australian organisations. The ACSC is aware that a vulnerability in the Kaseya VSA platform enabled the REvil group to distribute malware through…

Cybercriminals targeting construction companies to conduct email scams

Cybercriminals are targeting construction companies to conduct business email compromise (BEC) scams. All parties to construction projects should be vigilant when emailing about invoices and bank details. Alert status: MEDIUM. The ACSC has observed a growing trend affecting construction companies and their customers. In the past six months there has been an increase in cybercriminals targeting builders and…

Wiper luring the Olympic Games

by AlienVault (Public, TLP: White). A wiper malware disguised with a filename associated with the Tokyo Olympic Games was recently uploaded to VirusTotal, coinciding with the start of the Games. REFERENCE: https://www.mbsd.jp/research/20210721/blog/ TAGS: Tokyo 2020, Olympic Games, Wiper TARGETED COUNTRY: Japan ATT&CK IDS: T1497 – Virtualization/Sandbox Evasion, T1485 – Data Destruction, T1204.002 – Malicious File

Threat Brief: Windows Print Spooler RCE Vulnerability (CVE-2021-34527 AKA PrintNightmare)

By Unit 42, July 14, 2021 at 4:00 PM. Category: Threat Brief, Unit 42. Tags: CVE-2021-1675, CVE-2021-34527, PrintNightmare, remote code execution, threat brief, Windows. Executive Summary: On July 1, 2021, Microsoft released a security advisory for a new remote code execution (RCE) vulnerability in Windows, CVE-2021-34527, referred to publicly as "PrintNightmare." Security researchers initially believed this vulnerability to be tied to CVE-2021-1675 (Windows Print Spooler Remote…

Conti Unpacked: Understanding Ransomware Development as a Response to Detection

by AlienVault (Public, TLP: White). SentinelOne Labs takes a look at Conti's development over time and how it has evolved, comparing functionality across versions. REFERENCE: https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked TAGS: conti, ransomware MALWARE FAMILY: Conti Ransomware ATT&CK IDS: T1001 – Data Obfuscation, T1471 – Data Encrypted for Impact, T1407 – Download New Code at Runtime,…

PurpleFox botnet exploiting PrintNightmare in cryptocurrency mining campaign

by AlienVault (Public, TLP: White). Twitter user @C0rk1_H assesses that the PurpleFox botnet has begun exploiting the PrintNightmare (CVE-2021-34527) vulnerability in a recent cryptocurrency mining campaign. REFERENCE: https://twitter.com/C0rk1_H/status/1412801973628272641 TAGS: purplefox, printnightmare, cve-2021-34527 MALWARE FAMILY: win.purplefox

Patches released for exploited Windows PrintNightmare bug

By Juha Saarinen, Jul 7 2021, 11:47AM. All supported Windows versions need updating. Microsoft has released updates for all supported versions of its Windows desktop and server operating systems to fix the PrintNightmare remote code execution zero-day vulnerability that is currently being exploited by unnamed threat actors. PrintNightmare is rated as a critical vulnerability, with low…
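A quick exposure check for the PrintNightmare items above (the Unit 42 brief, the PurpleFox pulse and the iTnews patch note), added here as a worked example; it is not code from any of those articles or from Microsoft. It reports whether the Print Spooler service is running, reads the Point and Print policy values that Microsoft's advisory for CVE-2021-34527 says must stay at their safe settings for the July 2021 update to be fully effective, and lists the most recently installed updates so the analyst can compare them against the KB for that build. The registry path and value names are taken from that advisory; the relevant KB number is build-specific and is deliberately not hard-coded.

```powershell
# Added example: PrintNightmare (CVE-2021-34527) exposure check for one Windows host.
# Not from the articles above. Registry path and value names follow Microsoft's
# advisory for CVE-2021-34527. Read-only; works from a standard PowerShell session.

$findings = @()

# 1. Is the Print Spooler service running? Microsoft's interim workaround was to
#    stop and disable it on hosts that do not need to print (domain controllers first).
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -eq $spooler) {
    $findings += 'Spooler service not present'
} else {
    $findings += ('Spooler is {0} (start type: {1})' -f $spooler.Status, $spooler.StartType)
}

# 2. Point and Print policy. Per the advisory, the update does not fully protect
#    a host if either of the first two values is non-zero, and setting
#    RestrictDriverInstallationToAdministrators to 0 re-exposes it.
$ppKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pp = Get-ItemProperty -Path $ppKey -ErrorAction SilentlyContinue

$checks = @(
    @{ Name = 'NoWarningNoElevationOnInstall';             Safe = { param($v) ($null -eq $v) -or ($v -eq 0) } },
    @{ Name = 'UpdatePromptSettings';                      Safe = { param($v) ($null -eq $v) -or ($v -eq 0) } },
    @{ Name = 'RestrictDriverInstallationToAdministrators'; Safe = { param($v) ($null -eq $v) -or ($v -eq 1) } }
)

foreach ($c in $checks) {
    # Property is absent when the key or value was never set; that is the default state.
    $val   = if ($pp) { $pp.($c.Name) } else { $null }
    $shown = if ($null -eq $val) { 'not set (default)' } else { $val }
    $ok    = & $c.Safe $val
    $findings += ('{0}: {1} -> {2}' -f $c.Name, $shown, $(if ($ok) { 'OK' } else { 'EXPOSED' }))
}

# 3. Recently installed updates. The fixing KB differs per Windows build, so list
#    the latest few for comparison rather than guessing a single hotfix ID.
$recent = Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, InstalledOn

$findings
'Most recent updates:'
$recent | Format-Table -AutoSize
```

Any line marked EXPOSED means the policy has been relaxed from the advisory's safe setting and should be corrected (or the spooler disabled) regardless of patch level; a host that shows no July 2021 or later update in the list still needs the update the iTnews article describes.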