Cybercrime, FormBook also attacks Defense and Security
Mail from a fake Australian company with a request for a quote. The .zip attachment contains two .exe files. These, if opened, start the malware infection.
U.S. Vote: Someone is still trying to steal personal information via phishing
Proofpoint cybersecurity experts: Hundreds of messages with links sent to recipients across multiple organizations. Cybercrime or Cyber Espionage?
Cybercrime, Dridex associated with false Intuit QuickBooks invoices is back
The email contains a link that downloads a .doc document. This, if opened, contacts a link that downloads a DLL that infects the PC with malware.
Cybercrime, Dridex attacks again with fake ADP mail
The bait is always an attached invoice, an .xlsm file. This, if opened, contacts a link chosen randomly from an internal list that downloads a DLL and infects the PC with malware.
Cybercrime, Agent Tesla now could use Telegram to exfiltrate data
Abuse.ch cybersecurity experts: Corporate web proxy operators shoud block outgoing network traffic towards api.telegram .org. The malware until now exploited FTP or SMTP.
Cybercrime, Agent Tesla attacks with couriers’ bait
The attachment of an email about a fake shipment, if opened, contacts a link from which the malware is downloaded. The data is then exfiltrated via SMTP.
Cybercrime, FormBook is now being sold as “xloader”
The cybersecurity expert Brian Krebs: The malware has undergone a rebrand. Binary is virtually identical, and employs the same "MZ-as-alternative-entrypoint" trick.
Cybercrime, Darkside operators try to pose as modern Robin Hood
Bleeping Computer: They donate $20,000 to Children International and The Water Project. But money comes from ransomware criminal activity, and the organizations won’t keep it.
Cyber Warfare, NSA released advisory on Chinese state-sponsored activity
The U.S. cybersecurity experts: It provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged or scanned.
Cybercrime, new Emotet campaign on real stolen emails
The attachment, if opened, contacts the first available url from a list within it to download the malware from one of the three Epoch botnets.