Cybercrime, Agent Tesla now could use Telegram to exfiltrate data
Abuse.ch cybersecurity experts: Corporate web proxy operators shoud block outgoing network traffic towards api.telegram .org. The malware until now exploited FTP or SMTP.
Cybercrime, Agent Tesla attacks with couriers’ bait
The attachment of an email about a fake shipment, if opened, contacts a link from which the malware is downloaded. The data is then exfiltrated via SMTP.
Cybercrime, FormBook is now being sold as “xloader”
The cybersecurity expert Brian Krebs: The malware has undergone a rebrand. Binary is virtually identical, and employs the same "MZ-as-alternative-entrypoint" trick.
Cybercrime, Darkside operators try to pose as modern Robin Hood
Bleeping Computer: They donate $20,000 to Children International and The Water Project. But money comes from ransomware criminal activity, and the organizations won’t keep it.
Cyber Warfare, NSA released advisory on Chinese state-sponsored activity
The U.S. cybersecurity experts: It provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged or scanned.
Cybercrime, new Emotet campaign on real stolen emails
The attachment, if opened, contacts the first available url from a list within it to download the malware from one of the three Epoch botnets.
Cybercrime, Dridex still uses Intuit and the lure of a false invoice
Email attachments, .xlsm documents, contact a link chosen randomly from an internal list. This download a DLL that starts the malware infection.
Cybercrime, QuakBot uses TRAUMALAB INTERNATIONAL APS certificates
The global signed campaign continues. It relies on companies certificates to sign the exe file with malware.
Cybersecurity, ENISA draws up the top cyber threats for EU
The “Threat Landscape 2020” has just been released. Malware is in first place, followed by web-based attack and phishing. COVID-19 fuelled cyber aggressions.
Cybercrime, ABEL RENOVATIONS, INC used in Quakbot signed campaign
It exploits company certificates to sign the executable and decept the anti virus. The malware infection chain is activated by the attachment.