Entering the second month of the year, there is more information about the various groups using the Golden Chickens Malware-as-a-Service. In addition, a lot of malware is now in action to get hold of confidential details related to the military, government, financial statements, banking, and other sensitive data. Stay informed and read the interesting and useful articles we have gathered.
For more articles, check out our #onpatrol4malware blog.
CryptoAPI Spoofing in 2020: Analysis of the First Red Alert at Microsoft HQ in the New Decade
Source: Obsecurity
The new decade has brought an almost shocking number of critical-level vulnerabilities so far, but none quite as impactful as CVE-2020-0601, now better known as the “CryptoAPI Vulnerability.” Read more.
New Ryuk Info Stealer Targets Government and Military Secrets
Source: Bleeping Computer
A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. Read more.
Hacker Publishes Credentials for Over 515,000 Servers, Routers, and IoT Devices
Source: Trend Micro
A hacker published the credentials of over 515,000 servers, routers, and IoT devices on a well-known hacking website. Read more.
Breaking down a two-year run of Vivin’s cryptominers
Source: Talos
There is another large-scale cryptomining attack from an actor we are tracking as “Vivin” that has been active since at least November 2017. Read more.
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
Source: Recorded Future
This report is based on proprietary Recorded Future network traffic analysis of RAT controllers detected using signatures developed by Insikt Group researchers. The period of analysis covers November 28, 2019 through January 5, 2020. Read more.
New wave of Mal-Spam campaign attaching Disk Imaging Files
Source: Seqrite
For the past few months at Quick Heal Labs, we have been observing a sudden rise in spear-phishing mail containing distinct file formats as attachments, such as IMG, ISO, etc. Read more.
The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
Source: Medium
Since 2018, QuoScient’s Intelligence Operations Team (QuoINT) has tracked the evolution of the Golden Chickens (GC) Malware-as-a-Service provider (MaaS) and how different threat actors use it. Read more.
Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats
Source: Trend Micro
Different critical infrastructures have been hit with attacks such as those that involved the infamous Stuxnet malware and the more recent Triton malware. Read more.
Hunting for Ransomware
Source: Reversing Labs
Many ransomware families have changed their tactics and victim-targeting in recent years. Rather than indiscriminate attacks against anyone they’re able to infect, they have moved to a process called “big game hunting”. Read more.
OpendoorCDN Skimmer Analysis Continued
Source: GoggleHeadedHacker
This article is a continuation of our earlier analysis of an Olympic ticket reseller website that was infected with a Magecart-like credit card skimmer, since we have more findings to share. Read more.
[Heads-up] Scam Of The Week: Coronavirus Phishing Attacks In The Wild
Source: KnowBe4
We are seeing a new malicious phishing campaign that is based on the fear of the Coronavirus, and it’s the first of many. Read more.
Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
Source: Sentinel Labs
Pro-Russian Gamaredon APT group has evolved over the last few months, introducing new components to boost its offensive power against the Ukrainian government. Read more.
These are the top ten software flaws used by crooks: Make sure you’ve applied the patches
Source: ZDNet
Hackers are exploiting many of the same security vulnerabilities as last year and they all impact Microsoft Windows products – but a bug in Adobe Flash was the most exploited in 2019. Read more.
Ghost in the shell: Investigating web shell attacks
Source: Microsoft
Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. Read more.