Cybercriminals targeting construction companies to conduct email scams

Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.Alert status MEDIUM The ACSC has observed a growing trend affecting construction companies and their customers. In the past six months there has been an increase in cybercriminals targeting builders and…

Wiper luring the Olympic Games

CREATED 10 HOURS AGO by AlienVault Public  TLP:  White A wiper malware disguised with a filename associated to the Tokyo Olympic Games was recently uploaded to VirusTotal concurring with the start of the Olympic Games. REFERENCE:https://www.mbsd.jp/research/20210721/blog/ TAGS:Tokyo 2020, Olympic Games, Wiper TARGETED COUNTRY:Japan ATT&CK IDS:T1497 – Virtualization/Sandbox Evasion, T1485 – Data Destruction, T1204.002 – Malicious File

Threat Brief: Windows Print Spooler RCE Vulnerability (CVE-2021-34527 AKA PrintNightmare)

By Unit 42 July 14, 2021 at 4:00 PM Category: Threat Brief, Unit 42 Tags: CVE-2021-1675, CVE-2021-34527, PrintNightmare, remote code execution, threat brief, Windows Executive Summary On July 1, 2021, Microsoft released a security advisory for a new remote code execution (RCE) vulnerability in Windows, CVE-2021-34527, referred to publicly as “PrintNightmare.” Security researchers initially believed this vulnerability to be tied to CVE-2021-1675 (Windows Print Spooler Remote…

Conti Unpacked: Understanding Ransomware Development as a Response to Detection

CREATED 2 HOURS AGO by AlienVaultPublic TLP: WhiteSentinelOne Labs takes a look at Conti’s development over the time and how it has evolved, comparing functionality across versions. REFERENCE: https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked TAGS: conti, ransomware MALWARE FAMILY: Conti Ransomware ATT&CK IDS: T1001 – Data Obfuscation, T1471 – Data Encrypted for Impact, T1407 – Download New Code at Runtime,…

PurpleFox botnet exploiting PrintNightmare in cryptocurrency mining campaign

CREATED 48 MINUTES AGO by AlienVaultPublic TLP: WhiteTwitter user @C0rk1_H assesses that the PurpleFox botnet has begun exploiting the PrintNightmare (CVE-2021-34527) vulnerability in a recent cryptocurrency mining campaign. REFERENCE: https://twitter.com/C0rk1_H/status/1412801973628272641TAGS: purplefox, printnightmare, cve-2021-34527MALWARE FAMILY: win.purplefox

Patches released for exploited Windows PrintNightmare bug

  By Juha SaarinenJul 7 202111:47AM All supported Windows versions need updating. Microsoft has released updates for all supported versions of its Windows desktop and server operating systems to fix the PrintNightmare remote code execution zero day vulnerability that is currently being exploited by unnamed threat actors. PrintNightmare is rated as a critical vulnerability, with low…

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

Author:Lisa Vaas July 7, 2021  12:23 pm The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data. A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding…