Patch now available for Kaseya VSA platform.Alert status HIGH Background The ACSC has observed reporting that organisations globally have been impacted by the Kaseya VSA compromise and REvil ransomware. The ACSC has also received reporting from impacted Australian organisations. The ACSC is aware that a vulnerability in the Kaseya VSA platform enabled the REvil group to distribute malware through…
Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.Alert status MEDIUM The ACSC has observed a growing trend affecting construction companies and their customers. In the past six months there has been an increase in cybercriminals targeting builders and…
CREATED 10 HOURS AGO by AlienVault Public TLP: White A wiper malware disguised with a filename associated to the Tokyo Olympic Games was recently uploaded to VirusTotal concurring with the start of the Olympic Games. REFERENCE:https://www.mbsd.jp/research/20210721/blog/ TAGS:Tokyo 2020, Olympic Games, Wiper TARGETED COUNTRY:Japan ATT&CK IDS:T1497 – Virtualization/Sandbox Evasion, T1485 – Data Destruction, T1204.002 – Malicious File
By Unit 42 July 14, 2021 at 4:00 PM Category: Threat Brief, Unit 42 Tags: CVE-2021-1675, CVE-2021-34527, PrintNightmare, remote code execution, threat brief, Windows Executive Summary On July 1, 2021, Microsoft released a security advisory for a new remote code execution (RCE) vulnerability in Windows, CVE-2021-34527, referred to publicly as “PrintNightmare.” Security researchers initially believed this vulnerability to be tied to CVE-2021-1675 (Windows Print Spooler Remote…
CREATED 2 HOURS AGO by AlienVaultPublic TLP: WhiteSentinelOne Labs takes a look at Conti’s development over the time and how it has evolved, comparing functionality across versions. REFERENCE: https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked TAGS: conti, ransomware MALWARE FAMILY: Conti Ransomware ATT&CK IDS: T1001 – Data Obfuscation, T1471 – Data Encrypted for Impact, T1407 – Download New Code at Runtime,…
CREATED 48 MINUTES AGO by AlienVaultPublic TLP: WhiteTwitter user @C0rk1_H assesses that the PurpleFox botnet has begun exploiting the PrintNightmare (CVE-2021-34527) vulnerability in a recent cryptocurrency mining campaign. REFERENCE: https://twitter.com/C0rk1_H/status/1412801973628272641TAGS: purplefox, printnightmare, cve-2021-34527MALWARE FAMILY: win.purplefox
By Juha SaarinenJul 7 202111:47AM All supported Windows versions need updating. Microsoft has released updates for all supported versions of its Windows desktop and server operating systems to fix the PrintNightmare remote code execution zero day vulnerability that is currently being exploited by unnamed threat actors. PrintNightmare is rated as a critical vulnerability, with low…
By Justin HendryJul 8 20212:47PM Just days before school term resumes. The NSW Department of Education has suffered a cyber attack just days before the school term resumes and students in Greater Sydney are forced to rely on remote learning. The department said in a statement on Thursday that the attack had forced it to deactivate…
CREATED 51 MINUTES AGO by AlienVault Public TLP: White A malicious code sample has been detected that checks to see if the company has C programs installed. After checking the existence of C program related files before performing malicious actions, if they do not exist, no additional actions are performed. Otherwise, the final action is to download and…
Author:Lisa Vaas July 7, 2021 12:23 pm The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data. A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding…