Android trojans steal Facebook users’ logins and passwords

Current Threats, Uncategorised

CREATED 14 HOURS AGO by AlienVault Public  TLP:  White A round-up of interesting technology-related news and information from Dr Web.Web.com, which is available on the Google Play app, on Android devices, and on our desktop site. REFERENCES:https://news.drweb.com/show/?i=14244&lng=enhttps://github.com/DoctorWebLtd/malware-iocs/blob/master/Android.PWS.Facebook/README.adoc TAGS:android, facebook, google play, android device, Trojan MALWARE FAMILIES:PWS.Facebook.18, PWS.Facebook.15 ATT&CK IDS:T1606 – Forge Web Credentials, T1020 – Automated Exfiltration

Diavol – A New Ransomware Used By Wizard Spider

Current Threats, Uncategorised

REFERENCE:https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider TAGS:conti, diavol, egregor, WIZARD SPIDER, Ransomware ADVERSARY:WIZARD SPIDER MALWARE FAMILIES:Conti, Diavol ATT&CK IDS:T1059 – Command and Scripting Interpreter, T1106 – Native API, T1070 – Indicator Removal on Host, T1057 – Process Discovery, T1040 – Network Sniffing, T1083 – File and Directory Discovery, T1027 – Obfuscated Files or Information, T1071 – Application Layer Protocol, T1082 – System Information Discovery, T1135 – Network Share Discovery, T1485 – Data Destruction, T1486 – Data…

CVE List July 2021

Current Threats, Uncategorised

Below is a list of CVEs for the selected month. NOTE: The CVEs shown below have a release date in the year and month chosen. The CVE ID may show a year value that does not match the release date, however, the release date will fall within the chosen year and month. 30 entries found for July 2021 CVE-2021-20752 CVE-2021-20778…

PrintNightmare, Critical Windows Print Spooler Vulnerability

Current Threats, Uncategorised

Original release date: June 30, 2021 | Last revised: July 01, 2021 (Updated July 1, 2021) See Microsoft’s new guidance for the Print spooler vulnerability (CVE-2021-34527) and apply the necessary workarounds.  (Original post June 30, 2021) The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote code execution vulnerability in the Windows Print spooler service, noting: “while Microsoft has…

SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks

Current Threats, Uncategorised

CREATED 1 DAY AGO  MODIFIED 19 HOURS AGO by AlienVault Public  TLP:  White Guardicore reveals new details in the Indexsinas SMB worm, which infects servers across the world and threatens the security of the entire internet, and is being used to propagate the attack. REFERENCES: https://www.guardicore.com/labs/smb-wormindexsinas/https://github.com/guardicore/labs_campaigns/blob/master/Indexsinas/files.md TAGS:doublepulsar, indexsinas, equation group, Worm, SMB, EternalBlue, NSABuffMiner INDUSTRIES:Telecommunication, Government, Medical, Telecommunications, Education, Hospitality, Healthcare MALWARE FAMILIES:DoublePulsar, Equation, Indexsinas ATT&CK IDS:T1036 – Masquerading, T1040 – Network Sniffing, T1046 – Network…

Mirai_ptea Botnet

Current Threats, Uncategorised

CREATED 1 DAY AGO by AlienVault Public  TLP:  White On 2021-06-22, Netlab detected that a mirai_pteamirai variant sample Netlab named was spread through an unknown vulnerability. After analysis, the vulnerability is an undisclosed vulnerability of KGUARD DVR . From Netlab’s analysis, the vulnerability exists in the 2016 firmware version. All firmware manufacturers that we can find after 2017 have…

IndigoZebra APT Hacking Campaign Targets the Afghan Government

Current Threats, Uncategorised

CREATED 20 HOURS AGO by dekaRituraj Public  TLP:  White Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under…