At the start of the last month of the year, and just around Thanksgiving, cybercrime is still rampant. Even GoDaddy fell victim to a scam that used voice phishing, or vishing. The scam shows how vishing can be more deceptive than email schemes. Learn more about vishing and malware in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

TA505: A Brief History Of Their Time

Source: nccgroup

TA505 is a sophisticated and innovative threat actor, with plenty of cybercrime experience, that engages in targeted attacks across multiple sectors and geographies for financial gain. Read more.

Exposed Database Reveals 100K+ Compromised Facebook Accounts

Source: Threat Post

Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others. Read more.

Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Source: Threat Post

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. Read more.

Cold storage giant Americold hit by cyberattack, services impacted

Source: Bleeping Computer

Cold storage giant Americold is currently dealing with a cyberattack impacting their operations, including phone systems, email, inventory management, and order fulfillment. Read more.


GoDaddy scam shows how voice phishing can be more deceptive than email schemes

Source: SC Magazine

What protects workers from phone-based voice phishing (vishing) scams, like the kind that recently targeted GoDaddy and a group of cryptocurrency platforms that use the Internet domain registrar service? Read more.

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit

Source: Wired

The Department of Justice unsealed charges, including computer fraud and conspiracy, against six of the hackers who allegedly make up Sandworm, and confirmed that they work in Unit 74455 of Russia’s GRU military intelligence agency. Read more.

Smart doorbells ‘easy target for hackers’ study finds

Source: BBC News

Major security flaws in popular smart doorbells are putting consumers at risk of being targeted by hackers inside their homes, according to Which. Read more.


TurkeyBombing Puts New Twist on Zoom Abuse

Source: Threat Post

Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. Read more.


Popular apps in Google store leak data that adversaries could use to spy on targets

Source: SC Magazine

Two of the most popular Chinese apps on the Google Play Store are leaking sensitive user information that could be used to track users for years, even after they’ve switched phones. Read more.

Stantinko’s Proxy After Your Apache Server

Source: Intezer

A new version of a Linux proxy trojan related to Stantinko group was discovered. The malware has just one detection in VirusTotal at the time of this publication. Read more.

We infiltrated an IRC botnet. Here’s what we found

Source: CyberNews

To gather valuable information about the IRC botnet’s activity, CyberNews joined its Command and Control channel, where they met the botmaster responsible for running the entire network of compromised systems. Read more.


Heads up: A new strain of card-skimming Grelos malware is on the loose

Source: The Register

A new offshoot of the Grelos card-skimming malware – a common Magecart variant – is doing the rounds, according to infosec biz RiskIQ. Read more.

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Source: Malwarebytes

Exploit kits continue to be used as a malware delivery platform. A number of different malvertising campaigns were observed leading to RIG, Fallout, Spelevo and Purple Fox, among others. Read more.


It’s hard to keep a big botnet down: TrickBot sputters back toward full health

Source: cyberscoop

Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving. Read more.