Malware

Pierluigi Paganini June 05, 2018
The author of the Sigrun Ransomware decrypts Russian victims’ files for free

The author of the Sigrun Ransomware is providing the decryption key to Russian victims for free, others have to pay a ransom of $2,500 worth of Bitcoin or Dash for the victims. We have reported several cases where Russian malware authors avoid infecting computers in their country, but the case we are going to discuss is […]

Pierluigi Paganini June 05, 2018
Iron cybercrime group uses a new Backdoor based on HackingTeam’s RCS surveillance sw

Security experts at security firm Intezer have recently discovered backdoor, associated with the operation of the Iron cybercrime group, that is based on the leaked source code of Remote Control System (RCS). The Remote Control System (RCS) is the surveillance software developed by the HackingTeam, it was considered a powerful malware that is able to infect also mobile […]

Pierluigi Paganini June 03, 2018
Imperva’s research shows 75% of open Redis servers are infected

According to the security experts at Imperva firm, three open Redis servers out of four are infected with malware. The discovery is the result of analysis conducted by running Redis-based honeypot servers for some months. Since their initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, the experts from Imperva have discovered a new […]

Pierluigi Paganini June 03, 2018
Crooks included the code for CVE-2018-8174 IE Zero-Day in the RIG Exploit Kit

Cyber criminals recently added the code for the CVE-2018-8174 Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. Crooks recently added the code for an Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. The Internet Explorer zero-day vulnerability, tracked as CVE-2018-8174, was first discovered a few weeks ago, it affects VBScript implemented in Internet Explorer and Microsoft […]

Pierluigi Paganini June 02, 2018
Experts believe the botmaster of the VPNFilter is attempting to resume the botnet

Experts from security firms GreyNoise Intelligence and JASK believe that the threat actor behind the VPNFilter is now attempting to resume the botnet with a new wave of infections. A week ago security experts and law enforcement bodies reported the existence of a huge Russia-linked botnet tracked as VPNFilter. The botnet infected over 500,000 routers and […]

Pierluigi Paganini June 01, 2018
Crooks expand the original Mirai botnet code base with new capabilities and improvements

Cybercriminals continue to improve the infamous Mirai botnet by adding new exploits and functionalities, experts warn new dangerous variant will appear in the wild. According to Netscout’s Arbor Security Engineering and Response Team (ASERT), cybercriminals continue to improve the dreaded Mirai IoT botnet by adding new exploits and functionalities. The time to market of new Mirai botnet […]

Pierluigi Paganini June 01, 2018
North Korea-linked Andariel APT Group exploited an ActiveX Zero-Day in recent attacks

A North Korea-linked APT group, tracked as  Andariel Group, leveraged an ActiveX zero-day vulnerability in targeted attacks against South Korean entities. According to a report published by South Korean cyber-security firm AhnLab, the Andariel Group is a division of the dreaded Lazarus APT Group, it  already exploited ActiveX vulnerabilities in past attacks The attackers exploited at […]

Pierluigi Paganini May 30, 2018
US-CERT issued an alert on two malware associated with North Korea-linked APT Hidden Cobra

The Department of Homeland Security (DHS) and the FBI issued a joint Technical alert on two strain on malware, the Joanap backdoor Trojan and Brambul Server Message Block worm, associated with the HIDDEN COBRA North Korea-linked APT group. The US-CERT alert reads: “Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators […]

Pierluigi Paganini May 30, 2018
New Banking Trojan MnuBot uses SQL Server for Command and Control

Researchers at IBM X-Force Research team discovered a new Delphi-based banking Trojan dubbed MnuBot that leverages Microsoft SQL Server for communication with the command and control (C&C). The MnuBot Trojan implements a two-stage attack flow, it is composed of two main components that are tasked for the two stages. In the first stage, the malware searches for a file […]

Pierluigi Paganini May 29, 2018
The Cobalt Hacking crew is still active even after the arrest of its leader

Group-IB has released a new report on Cobalt group’s attacks against banks and financial sector organizations worldwide after the arrest of its leader. Threat intelligence firm Group-IB published an interesting report titiled “Cobalt: Evolution and Joint Operations” on the joint operations of Cobalt and Anunak (Carbanak) groups after the arrest of the leader in March 2018. Researchers reported that […]