malware

Pierluigi Paganini March 04, 2019
Threat actors using FrameworkPOS malware in POS attacks

Security experts at Morphisec observed a wave of attacks against point-of-sale (PoS) thin clients using card data scraping malware and the Cobalt Strike beacon. Over the past 8-10 weeks, security experts at Morphisec observed multiple sophisticated attacks targeting PoS thin clients worldwide. Most of the indicators collected by the experts point to the FIN6 hacking […]

Pierluigi Paganini March 02, 2019
[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an infection vehicle to compromise users' devices. In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 macro, also known as an XLM macro, used to download and execute a final […]

Pierluigi Paganini March 01, 2019
Emissary Panda updated its weapons for attacks in the past 2 years

Experts analyzed tools and intrusion methods used by the China-linked cyber-espionage group Emissary Panda in attacks over the past 2 years. This morning I wrote about a large-scale cyber attack that hit the International Civil Aviation Organization (ICAO) in November 2016; Emissary Panda was suspected to be the culprit. Experts at Secureworks who investigated the […]

Pierluigi Paganini February 28, 2019
Ransomware, Trojan and Miner together against “PIK-Group”

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and miner capabilities. When an unknown sender suggests I click on a super weird URL, dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, […]

Pierluigi Paganini February 27, 2019
Multiple threat actors are targeting Elasticsearch Clusters

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine cryptocurrencies. At least six different threat actors are targeting installs running older […]

Pierluigi Paganini February 26, 2019
The Arsenal Behind the Australian Parliament Hack

Cybaze-Yoroi ZLab investigated artefacts behind the Australian Parliament attack to gain insight into the tools and capabilities associated with the attackers. Introduction In the past days, a cyber attack targeted a high-profile target in the APAC area: the Australian Parliament House. As reported by the Australian prime minister, there was no evidence of any information theft […]

Pierluigi Paganini February 26, 2019
Malware spam campaign exploits WinRAR flaw to deliver Backdoor

Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to deliver malware onto a computer. A few days ago, security experts at Check Point Software disclosed a critical 19-year-old vulnerability in WinRAR that could be exploited by attackers to gain full control over a […]

Pierluigi Paganini February 23, 2019
Crooks offer millions to skilled black hats to help them in extortion campaigns

Cybercriminals are offering over a million dollars per year to skilled professionals such as vxers and penetration testers to help them in extortion campaigns. According to a new report published by the security firm Digital Shadows, cybercriminal organizations are willing to pay millions to skilled hackers and malware developers. The analysis of posts on Dark Web […]

Pierluigi Paganini February 21, 2019
The interface of WinPot ATM Malware looks like a slot machine

Malware researchers from Kaspersky Lab have detected a new piece of malware dubbed WinPot that was designed to target automated teller machines (ATMs). Security experts from Kaspersky Lab have discovered a new piece of malware dubbed WinPot that targets ATMs; it could be used by crooks to make the ATMs automatically dispense all cash from […]

Pierluigi Paganini February 20, 2019
North Korea’s Lazarus APT targets Russian Entities

Security researchers at Check Point have uncovered a cyber espionage campaign conducted by the Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets. If the attribution is correct, this is the first time that North Korean cyber spies were […]