For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants, Yoroi-Cybaze ZLab detailed its evolution. Introduction For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants. Yoroi-Cybaze ZLab closely observed these campaigns and analyzed them to track the evolution of the techniques and […]
The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks. Security experts at Trend Micro report that the MuddyWater APT group (aka SeedWorm and TEMP.Zagros), has used an updated multi-stage PowerShell backdoor in recent cyber espionage campaigns. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called […]
The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports. Experts at Trend Micro reported that the recently patched CVE-2019-2725 vulnerability in Oracle WebLogic is being exploited in cryptojacking attacks. The flaw is a deserialization remote command execution zero-day vulnerability that affects the Oracle WebLogic wls9_async and wls–wsat components. The […]
A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. Chi-en (Ashley) Shen, a senior security researcher at FireEye, collected evidence that demonstrates that China-linked APT group ICEFOG (aka Fucobha) is still active. The activities of the APT group were first uncovered by Kaspersky […]
A new botnet tracked as GoldBrute is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connection enabled. A new botnet tracked as GoldBrute has appeared in the threat landscape, it is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connection enabled. The botnet is currently targeting over 1.5 million […]
The Platinum cyber espionage group uses steganographic technique to hide communications with the Command and Control Servers (C&C). Experts from Kaspersky have linked the Platinum APT group with cyber attacks involving an elaborate, and new steganographic technique used to hide communications with C2 servers. The APT group was discovered by Microsoft in 2016, it targeted organizations […]
A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. The new piece of malware leverages many exploits […]
Microsoft Azure cloud services are being abused by threat actors to host malware and as command and control (C&C) servers. Threat actors look with great interest at cloud services that could be abused for several malicious purposes, like storing malware or implementing command and control servers. Now it seems to be the Microsoft Azure’s turn, […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” https://www.surveymonkey.com/r/EUBloggerAwards2018 Police seized Bestmixer, the mixing service washed […]
Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and […]