Scenario: Org2 is a specialist technology company based in the UK. The Org2 IT security operations team responded to an alert from its corporate anti-virus provider that a copy of password stealing malware had been found on three of its domain controllers. This was a serious incident, and an investigation [...]
The first time I read about #BadRabbit, it reminded me of the movie Secret Life of Pets. I wonder if the malware namers thought of the same. After Wannacry and Petya/Not Petya/GoldenEye, its clear that Ukraine is a testing ground for everyone to try out their malware, program different variants ...
One curious thing I have noticed with these Global malicious epidemics is that most of them happen very close to a weekend. Wannacry went viral on a Thursday, GoldenEye on a Friday and with minimal support available on a weekend, they easily impact large corporations. What started last night with ...
Locky is a ransomware released in 2016, which became very active in early 2017, died for a bit and came back from the dead towards the end of August 2017. And came with a bang, according to ZDNET the return was announced in style by sending as many as 23 million ...
When WannaCry came out last month, many were taken by surprise of the exploit of NSA tools for SMB. Especially because a patch was launched by Microsoft for the same in March. Everyone who didnt patch lost your computer. In the days and weeks that followed everyone said PATCH PATCH ...
Single sign-on provider OneLogin has experienced a breach. If you or your company uses OneLogin to sign in to applications, or if you use any of their other services, you need to be aware of this and may need to take several actions immediately. In the past 24 hours, OneLogin ...
The ransomware is using an NSA exploit leaked by The Shadow Brokers, and has made tens of thousands of victims worldwide, including the Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches, and more. A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica ...
Last week, we have warned Swiss citizens about a new malspam run targeting exclusively Swiss internet users. The attack aimed to infect them with Dridex. Dridex is a sophisticated eBanking Trojan that emerged from the code base of Bugat / Cridex in 2014. Despite takedown attempts by the security industry ...
Cyber4Sight has analyzed the malware distributed via the compromised Polish Financial Supervision Authority webpage and used in targeted attacks against a number of large banks and telecommunication companies. Read more: https://blog.cyber4sight.com/2017/02/technical-analysis-watering-hole-attacks-against-financial-institutions/ Indicator type Indicator FileHash-MD5 9cc6854bc5e217104734043c89dc4ff8 FileHash-MD5 e29fe3c181ac9ddbb242688b151f3310 FileHash-MD5 9914075cc687bdc352ee136ac6579707 FileHash-MD5 9216b29114fb6713ef228370cbfe4045 FileHash-MD5 5994a8fd8c68dd1cc51ce7ca0d9c2749 FileHash-MD5 40e698f961eb796728a57ddf81f52b9a FileHash-MD5 889e320cf66520485e1a0475107d7419 FileHash-MD5 25200d3fe30785f3c90a91faf8ebf1b5
