Cybercrime, Yanluowang is a new ransomware used in targeted attacks
Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
Cybercrime, Agent Tesla conveyed to Italy by a false order
The email gz attachment contains an exe: the malware itself. Stolen data is exfiltrated via ftp.
Cyber Espionage, IronHusky targets Defense and IT companies with MysterySnail
Kaspersky cybersecurity experts: The Chinese APT exploits the CVE-2021-40449 zero-day vulnerability in the Win32k kernel driver and the malware to escalate privileges.
Cyber Espionage, Iran DEV-0343 targets US-Israeli technology companies
Microsoft cybersecurity experts: The threat actors conducted extensive password spraying against more than 250 Office 365 tenants, included GIS and Persian Gulf ports.
Cybercrime, FontOnLake is a new malware targeting Linux
ESET cybersecurity experts: To collect data or conduct other malicious activity, it uses modified legitimate binaries that are adjusted to load further components.
Cybercrime, the Silver Terrier groups: who were yesterday and who are today
Palo Alto Networks Unit 42 cybersecurity experts: In 2021 the BEC gangs reduced their activities, but they are still dangerous.
Cybercrime, here it comes the U.S. Ransom Disclosure Act
The bill will give ransomware victims 48 hours to report payments. The goal is to strengthen the DHS knowledge on the gangs and develop a fuller picture of the threat.
Cybercrime, new Hancitor campaign via DocuSign email
The doc attachment is downloaded each time from a different url and contains the dll with the malware. The final payalod is unknown.
Cybersecurity, Airflow exposed credentials of popular services
Intezer: Misconfigured instances include database passwords, API keys, and cloud credentials. Most of them are exposed through insecure coding practices.
Cybercrime, new Agent Tesla campaign via fake automatic invoice email
The img attachment contains an exe: the malware itself. Stolen data is exfiltrated via smtp.