We have now come into a new month, and this set of InfoSec articles discusses how some specific malware operates. One of these is the Evilnum malware which was previously seen in attacks against financial technology companies. Read on and learn more in this batch of InfoSec articles.
For more articles, check out our #onpatrol4malware blog.
How Police Secretly Took Over a Global Phone Network for Organized Crime
Source: Vice
Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. Read more.
More evil: A deep look at Evilnum and its toolset
Source: WeLiveSecurity
ESET has analyzed the operations of Evilnum, the APT group behind the Evilnum malware previously seen in attacks against financial technology companies. Read more.
New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
Source: Trend Micro
Trend Micro discovered a new Mirai variant that exploits nine vulnerabilities, the most notable being CVE-2020-10173 in Comtrend VR-3033 routers, which had not been observed being exploited by past Mirai variants. Read more.
The Tetrade: Brazilian banking malware goes global
Source: SecureList
The Tetrade is Kaspersky's designation for four large banking trojan families created, developed and spread by Brazilian criminals, which are now operating on a global level. Read more.
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
Source: Malwarebytes
Given the ongoing tensions between India and China, Malwarebytes believes this new campaign is operated by a Chinese state-sponsored actor. Read more.
Blackbaud Hack: Universities lose data to ransomware attack
Source: BBC
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked a cloud computing provider. Read more.
Garmin says systems back online after cyber attack
Source: Yahoo News
Computer networks of the smartwatch and electronics firm Garmin were coming back online Monday, the company said, after an outage widely believed to have been due to a ransomware attack. Read more.
Cerberus banking Trojan team breaks up, source code goes to auction
Source: ZDNet
The source code of the Android-based Cerberus banking Trojan is being auctioned off due to the break-up of the development team. Read more.
Office 365 phishing baits employees with fake SharePoint alerts
Source: Bleeping Computer
Employees using Microsoft Office 365 are targeted in a phishing campaign that makes use of bait messages camouflaged as automated SharePoint notifications to steal their accounts. Read more.
Can we disable ransomware launched as SYSTEM on thousands of machines at the same time?
Source: TEHTRIS
A large infrastructure, protected and monitored remotely by TEHTRIS from its SOC in France, was targeted with the well-known ransomware SODINOKIBI (also known as REvil). Read more.