Cybercrime, Dridex still uses Intuit and the lure of a false invoice
Email attachments, .xlsm documents, contact a link chosen randomly from an internal list. This download a DLL that starts the malware infection.
Cybercrime, QuakBot uses TRAUMALAB INTERNATIONAL APS certificates
The global signed campaign continues. It relies on companies certificates to sign the exe file with malware.
Cybersecurity, ENISA draws up the top cyber threats for EU
The “Threat Landscape 2020” has just been released. Malware is in first place, followed by web-based attack and phishing. COVID-19 fuelled cyber aggressions.
Cybercrime, ABEL RENOVATIONS, INC used in Quakbot signed campaign
It exploits company certificates to sign the executable and decept the anti virus. The malware infection chain is activated by the attachment.
WordPress: New plugin vulnerability. This time it’s up to Realia
Cybersecurity Help: The flaw (CWE-284) exists due to an IDOR issue. A threat actor could send a specially crafted request with the post ID to delete arbitrary posts.
Cybercrime, new Formbook malspam campaign against hotels
The bait is a false booking with a compressed attachment. Inside there is an .exe file from which the malware infection chain starts.
Cybersecurity, Microsoft SharePoint server has a new vulnerability
UK NCSC experts: It’s the CVE-2020-16952. It can be exploited when a user uploads a specially crafted application package to an affected version of SharePoint.
Cybercrime, Emotet returns to hit Italy with a new campaign
The bait is always real stolen email conversations. The doc attachment contacts the first available url from a list within it to start the malware infection.
Cybercrime, new MassLogger campaign on false invoices
The malware infection chain to spread the keylogger is initiated by a .doc document, which contacts a malicious link.
Cybercrime, G7 countries are worried about ransomware attacks
The Group’s Finance Ministers and Central Bank Governors sound the alarm on the malware growing threat and call upon all countries to effectively implement the FATF standards.