Kaseya VSA Supply-Chain Ransomware Attack

Created 2 hours ago by AlienVault | Public | TLP: White

Sophos has issued an advisory to its customers: Kaseya VSA servers are being used in an industry-wide supply-chain attack that deploys a variant of the REvil ransomware to demand a ransom.

References:
https://community.sophos.com/b/security-blog/posts/active-ransomware-attack-on-kaseya-customers
https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/

Tags: Kaseya, REvil
Malware families: Kaseya, REvil
ATT&CK IDs: T1195 – Supply Chain Compromise, T1560 – Archive…

Android trojans steal Facebook users’ logins and passwords

Created 14 hours ago by AlienVault | Public | TLP: White

A round-up of interesting technology-related news and information from Dr.Web, which is available in the Google Play app, on Android devices, and on our desktop site.

References:
https://news.drweb.com/show/?i=14244&lng=en
https://github.com/DoctorWebLtd/malware-iocs/blob/master/Android.PWS.Facebook/README.adoc

Tags: android, facebook, google play, android device, Trojan
Malware families: PWS.Facebook.18, PWS.Facebook.15
ATT&CK IDs: T1606 – Forge Web Credentials, T1020 – Automated Exfiltration

Diavol – A New Ransomware Used By Wizard Spider

Reference:
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider

Tags: conti, diavol, egregor, WIZARD SPIDER, Ransomware
Adversary: WIZARD SPIDER
Malware families: Conti, Diavol
ATT&CK IDs: T1059 – Command and Scripting Interpreter, T1106 – Native API, T1070 – Indicator Removal on Host, T1057 – Process Discovery, T1040 – Network Sniffing, T1083 – File and Directory Discovery, T1027 – Obfuscated Files or Information, T1071 – Application Layer Protocol, T1082 – System Information Discovery, T1135 – Network Share Discovery, T1485 – Data Destruction, T1486 – Data…