The first set of commands collects information about the victim’s system and environment. The attackers behind Zebrocy drop dumpers on victims’ computers in order to collect login credentials and private keys from web browsers including Yandex Browser, Chromium, 7Star Browser, CentBrowser, and versions of Microsoft Outlook from 1997 through 2016. Security researchers observed that attackers behind Zebrocy run commands manually ...
Free decryptor released for GetCrypt ransomware that spreads through RIG exploit kit
GetCrypt uses a combo of Salsa20 and RSA-4096 algorithms to encrypt the victim’s files. While encrypting, it appends a random 4 character extension to the infected files. Users infected by GetCrypt ransomware can now retrieve their encrypted files without paying a ransom. It is possible through a decryptor that has been released by security researchers. What is GetCrypt ransomware? GetCrypt ...
IT Giant HCL Exposed Employee Passwords and Customer Project Details Online
Multiple subdomains operated by HCL were found to be publicly exposed. The sensitive data exposed includes personal information and plaintext passwords for new hires, customer reports, and dashboards for managing personnel. Indian IT firm HCL has come under the scanner after it left sensitive information such as employee passwords, as well as certain customer details out in the open. The ...
W97M/Downloader hosted on multiple CMS like Magento, WordPress, and Joomla
This malware campaign has primarily targeted the United States, Germany, India, and the United Kingdom. W97M steals banking login credentials and sends them to .ru websites. Researchers observed that some instances of the W97M/Downloader malware are now being served on compromised websites by a custom PHP dropper. The big picture The compromised websites include malicious W97M documents which contain VB ...
Cybercriminals break into production systems of Stack Overflow
Stack Overflow mentioned that the attackers gained access to production systems on May 11. However, it says that no customer or user data was breached due to the incident. Stack Overflow, a popular online forum for programmers and computer professionals, was breached by attackers. Production systems belonging to Stack Overflow were the prime target in this incident. Mary Ferguson, Vice ...
Microsoft SharePoint vulnerability spotted in the wild
The Saudi and Canadian Cyber Security Centres have issued reports on a vulnerability in Microsoft’s SharePoint that is being exploited in the wild. The vulnerability, CVE-2019-0604, has been patched by Microsoft, but if exploited can give an attacker the ability to execute commands and download and upload files, reported AT&T Alien Labs. The malware involved is a backdoor that is likely an ...
Cybersecurity Workforce Executive Order to Help with Workforce Shortage
President Trump signed an Executive Order directing the federal government to take critical steps to strengthen America’s cybersecurity workforce. The Executive Order enhances mobility of frontline cybersecurity practitioners, supports the development of their skills to encourage excellence in the field and helps ensure the US keeps its competitive edge in cybersecurity. The United States currently has a shortage of 300,000 cybersecurity practitioners. “America’s cybersecurity practitioners—whether working ...
Fake site pretending to be KeePass Password Manager found distributing adware
The fake site is part of a large network of sites that are involved in the distribution of adware bundles as free programs. The site is named as keepass[.]com and contains four links for Windows, Windows Portable, Mac and Linux. A fake site that appears to promote the popular KeePass password management software has been found distributing adware to unsuspecting ...
Unprotected MongoDB database leaks over 80 million records belonging to SMS marketing firm ApexSMS
The leaky database also kept track of users who clicked on messages through Grand Slam Marketing, another small advertising company. The data exposed in the incident includes MD5-hashed emails, IP addresses, phone numbers, and ZIP codes. ApexSMS Inc., an SMS text marketing company that also does business under the name Mobile Drip, has suffered a data breach due ...
Augustana College hit with ransomware attack
Augustana College confirmed that the ransomware-infected server contained personal information of students. The college is providing 24 months of complimentary credit monitoring and identity restoration services for all potentially affected individuals. Attackers infected one of Augustana College’s servers that contained personal information of students with ransomware. What happened? On February 18, 2019, Augustana discovered a ransomware attack on ...