The vulnerability was actively exploited to install miners for cryptocurrencies such as Monero. It was reported that the malware used in the attack cloaked itself in certificate files for obfuscation. A security vulnerability in Oracle WebLogic Server was found to be actively exploited by cybercriminals to install cryptocurrency miners. Security researchers from Trend Micro discovered that the malware used in ...

A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author and malware researcher Swapnil Patil. These include surveying the ...

Cybersecurity threats are continuously evolving as attackers constantly vary their methods and tools to sidestep improved cyber defenses. To better understand this behavior, the WatchGuard Threat Lab analyzes these changing trends in our quarterly Internet Security Report. Not surprising, in Q4 2018 our team saw a mix of threats targeting organizations of all sizes. However, there were several attack methods that stood out ...

Eighty-six percent Small to Medium Business (SMB) clients were recently victimized by ransomware and 21 percent report six or more SMB attacks in the first half of 2017 alone, according to Datto’s State of the Channel Ransomware Report. Key findings from the ransomware report include: An estimated five percent of global SMBs fell victim to a ransomware attack from 2016 to 2017. ...

GandCrab, which is provided as ransomware-as-a-service, is expected to shut down operations by next month. The ransomware is said to have at least five variants since its inception last year. The infamous GandCrab ransomware might soon come to an end. In an announcement posted on a hacking forum, the creators of this formidable malware spoke of their decision to stop ...

Government may not be taking the risk of cyber attack on critical infrastructure seriously enough. So says Veronica Schmitt, academic and Lead Forensic Analyst at DFIR Labs. Speaking at the ITWeb Security Summit 2019 in Sandton today, she said governments tended to react after the fact instead of taking strong proactive measures to protect critical national infrastructure from cyber attacks. However, she also noted ...

Attackers behind this campaign were found to be using spam servers located in Estonia. The targeted industries include transportation and logistics, healthcare, import and export, marketing, agriculture, and others. Researchers from IBM X-Force have observed malspam campaigns targeting business users with the Hawkeye keylogger malware during the last two months. The targeted industries include transportation and logistics, healthcare, import and ...

The phishing emails impersonate the official ANZ online banking website in order to trick customers into handing over their vital banking details. The email is sent with the subject titled: “Successful BPAY Payment Advice”. Australia and New Zealand Banking Group (ANZ) is warning its customers about a new phishing scam that is aimed at stealing users’ banking details. What is ...

The first set of commands collect information about the victim’s system and environment. The attackers behind Zebrocy drop dumpers on victims’ computers in order to collect login credentials and private keys from web browsers including Yandex Browser, Chromium, 7Star Browser, CentBrowser, and versions of Microsoft Outlook from 1997 through 2016. Security researchers observed that attackers behind Zebrocy run commands manually ...

GetCrypt uses a combo of Salsa20 and RSA-4096 algorithms to encrypt the victim’s files. While encrypting, it appends a random 4 character extension to the infected files. Users infected by GetCrypt ransomware can now retrieve their encrypted files without paying a ransom. It is possible through a decryptor that has been released by security researchers. What is GetCrypt ransomware? GetCrypt ...