Pierluigi Paganini
May 13, 2020
Microsoft discovered a new phishing campaign using COVID-19 lures to target businesses with the infamous LokiBot information-stealer. Microsoft has discovered a new COVID-19 themed phishing campaign targeting businesses with the LokiBot Trojan. Lokibot was already employed in Coronavirus-themed campaigns, early of April, security experts at FortiGuard Labs discovered phishing attacks using alleged messages from the World Health Organization […]
Pierluigi Paganini
May 13, 2020
Magellan Health, a for-profit managed health care and insurance firm, was the victim of a ransomware attack. Magellan Health Inc. is an American for-profit managed health care company, its customers include health plans and other managed care organizations, employers, labor unions, various military and governmental agencies and third-party administrators. The company ranks 417 on the Fortune […]
Pierluigi Paganini
May 13, 2020
A security researcher is warning of a new wave of MageCart attackers, he has found over 1,000 domains infected with e-skimmers. MageCart gangs continue to be very active, security researcher Max Kersten discovered 1,236 domains hosting e-skimmer software. Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with software skimmers. Security firms have […]
Pierluigi Paganini
May 13, 2020
The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT, it has uploaded the malicious code to VirusTotal. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the […]
Pierluigi Paganini
May 12, 2020
Trojan Lampion is back after 3 months. The malware was observed last days with a new obfuscation layer, new C2, and distributed inside an MSI file. Trojan Lampion is a malware observed at the end of the year 2019 impacting Portuguese users using template emails from the Portuguese Government Finance & Tax and EDP. The latest campaigns in Portugal were observed […]
Pierluigi Paganini
May 12, 2020
The Zeus Sphinx banking Trojan continues to evolve while receiving new updates it is employed in ongoing coronavirus-themed scams. IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot) that receives frequent updates and that was involved in active coronavirus scams. The Zeus Sphinx banking Trojan is based […]
Pierluigi Paganini
May 11, 2020
ATM maker Diebold Nixdorf discloses a ransomware attack, the good news is that the infection caused only “a limited IT systems outage.” Diebold Nixdorf, one of the major automatic teller machines (ATMs) maker suffered a ransomware attack that caused only “a limited IT systems outage.” The company discloses the security breach but pointed out that […]
Pierluigi Paganini
May 11, 2020
Microsoft and Intel have devised a new approach to malware detection, dubbed STAMINA, that involves deep learning and the representation of malware as images. STAtic Malware-as-Image Network Analysis (STAMINA) is a new approach to malware detection proposed by Microsoft and Intel. The study is based on a previous work of Intel’s researchers on static malware […]
Pierluigi Paganini
May 11, 2020
Researchers warn of a new feature implemented in the Sodinokibi ransomware, the threat can now encrypt open and locked files. The Sodinokibi ransomware (REvil) continues to evolve, operators implemented a new feature that allows the malware to encrypt victim’s files, even if they are opened and locked by another process. Many applications lock files to prevent […]
Pierluigi Paganini
May 10, 2020
Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. The deserialization vulnerability CVE-2019-18935 could be exploited by attackers to achieve remote […]
