By Juha SaarinenJul 7 202111:47AM All supported Windows versions need updating. Microsoft has released updates for all supported versions of its Windows desktop and server operating systems to fix the PrintNightmare remote code execution zero day vulnerability that is currently being exploited by unnamed threat actors. PrintNightmare is rated as a critical vulnerability, with low…
By Justin HendryJul 8 20212:47PM Just days before school term resumes. The NSW Department of Education has suffered a cyber attack just days before the school term resumes and students in Greater Sydney are forced to rely on remote learning. The department said in a statement on Thursday that the attack had forced it to deactivate…
CREATED 51 MINUTES AGO by AlienVault Public TLP: White A malicious code sample has been detected that checks to see if the company has C programs installed. After checking the existence of C program related files before performing malicious actions, if they do not exist, no additional actions are performed. Otherwise, the final action is to download and…
Author:Lisa Vaas July 7, 2021 12:23 pm The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data. A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding…
Author:Lisa Vaas July 6, 2021 1:01 pm Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose…
CREATED 1 HOUR AGO by AlienVault Public TLP: White The attack leveraged the on-premises servers deployed by IT Management Software vendor Kaseya. It was initially thought that Kaseya might have been compromised themselves as a root cause — similar to the compromises associated with SolarWinds software in December of 2020. Instead, the attackers found and leveraged an unpatched…
CREATED 1 HOUR AGO by AlienVault Public TLP: White In 2021 ESET detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, they found new functionality and changes to this malware, known as Bandook. They also found that…
CREATED 10 HOURS AGO by AlienVault Public TLP: White Ryuk ransomware, which encrypts files and demands payment in Bitcoin for the release of the keys used to decrypt them, is now targeting web servers, according to a report published by McAfee.REFERENCE:https://www.mcafee.com/enterprise/en-us/assets/reports/rp-ryuk-ransomware-targeting-webservers.pdf TAGS:ryuk, ransomware MALWARE FAMILY:Ryuk ATT&CK IDS:T1134 – Access Token Manipulation, T1059.003 – Windows Command Shell, T1471 – Data Encrypted for…
CREATED 10 HOURS AGO by AlienVault Public TLP: White Kaspersky has discovered a new campaign from the WildPressure threat actor. This campaign includes the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins. REFERENCE:https://securelist.com/wildpressure-targets-macos/103072/ TAGS:milum, wildpressure, macos, apt, tandis, python guard ADVERSARY:WildPressure MALWARE FAMILIES:Milum, Tandis, Python Guard ATT&CK IDS:T1047 – Windows Management Instrumentation, T1140 – Deobfuscate/Decode Files…