malware

Pierluigi Paganini April 24, 2020
SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

The popular SeaChange video platform is the latest victim of the Sodinokibi Ransomware gang, which is threatening to leak the stolen data. SeaChange International, the multinational supplier of video delivery software solutions, was the victim of the Sodinokibi Ransomware gang. The crew has published images of the data they claim to have stolen before encrypting the […]

Pierluigi Paganini April 23, 2020
Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

A security expert uncovered an old APT operation, tracked as Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. Juan Andres Guerrero-Saade, a former Kaspersky and Google researcher, uncovered an old APT operation, tracked as Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in […]

Pierluigi Paganini April 23, 2020
Vietnam-linked APT32 group launches COVID-19-themed attacks against China

The Vietnam-linked cyberespionage group tracked as APT32 carried out hacking campaigns against Chinese entities to collect intelligence on the COVID-19 crisis. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on the COVID-19 crisis. The APT32 group has been active since at least 2012, […]

Pierluigi Paganini April 21, 2020
Spearphishing attacks hit the oil and gas industry sector

Hackers launched spear-phishing attacks against organizations in the oil and gas industry sector spreading the Agent Tesla info-stealer malware. Crooks are targeting organizations in the oil and gas industry sector with targeted spearphishing campaigns impersonating shipment companies and engineering contractors. The attacks aim at infecting victims with the infamous Agent Tesla info-stealer malware. Agent Tesla is […]

Pierluigi Paganini April 20, 2020
Threat Report Portugal Q1 2020

Threat Report Portugal Q1 2020: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is a novel open sharing database with the ability to collect indicators from multiple sources, developed by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community. This makes it a reliable and trustworthy and […]

Pierluigi Paganini April 20, 2020
Law enforcement and Microsoft join forces to dismantle botnet using LED Light Control Console

Cybercriminals have abused LED light control consoles to launch malicious attacks, Microsoft’s security experts warn. Microsoft researchers shared details of a new incident discovered in Taiwan, where crooks abused LED light control consoles to launch malicious attacks. Threat actors used the consoles to deliver malware and ransomware through an IoT botnet that was also used […]

Pierluigi Paganini April 19, 2020
Coronavirus-themed attacks April 12 – April 18, 2020

This post includes the details of the Coronavirus-themed attacks launched from April 12 to April 18, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide; experts are observing new campaigns on a daily basis. Below is a list of attacks detected this week. April 14 – Crooks target Healthcare facilities involved […]

Pierluigi Paganini April 19, 2020
Are Maze operators behind the attack on the IT services giant Cognizant?

IT services giant Cognizant suffered a ransomware attack on Friday; according to BleepingComputer, the company was hit by the Maze Ransomware crew. Information technologies services giant Cognizant is the latest victim of a ransomware attack; according to BleepingComputer, the attack was launched by the Maze Ransomware gang. Cognizant is an American multinational corporation that provides IT services, it is […]

Pierluigi Paganini April 18, 2020
Coronavirus-themed campaign targets energy sector with PoetRAT

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors. Cisco Talos researchers have uncovered a new Coronavirus-themed campaign employing a previously-undiscovered RAT tracked as PoetRAT. The attacks targeted the Azerbaijan government and utility companies; the malicious code was designed to infect supervisory control and data acquisition (SCADA) systems, […]

Pierluigi Paganini April 18, 2020
Trickbot is the most prolific malware operation using COVID-19 themed lures

TrickBot is the malware most involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. The analysis of Microsoft Office 365 ATP data revealed that TrickBot is, at the moment, the malware operation with the highest number of unique COVID-19-themed malicious emails and attachments. Microsoft experts revealed that this campaign […]