In recent weeks, we've observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of British Columbia (UBC) with a fake COVID-19 survey. However, this attack and motives are different than the ones previously documented. The survey is a malicious Word document whose purpose is to download ransomware and extort victims to recover their encrypted files. READ MORE...
Russian-speaking hacking group Turla has hacked into the systems of an undisclosed European government organization according to a new Accenture Cyber Threat Intelligence (ACTI) report. This attack perfectly lines up with Turla's information theft and espionage motivation and its persistent targeting of government-related entities from a wide range of countries. To compromise the organization's network, the attackers used a combination of recently updated remote administration trojans (RATs) and remote procedure call (RPC)-based backdoors. READ MORE...
The Microsoft Defender Advanced Threat Protection (ATP) endpoint security platform now provides users with a new report designed to help them keep track of vulnerable Windows and macOS devices within their organization's environment. The vulnerable devices report displays graphs with statistics and details on currently vulnerable device trends with the end goal of making it easier for IT administrators to grasp the scope and breadth of device exposure within the organization. READ MORE...
In a joint statement, the U.S. government is warning the healthcare industry that a hacking group is actively targeting hospitals and healthcare providers in Ryuk ransomware attacks. Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) announced a call with the healthcare industry to warn them of an 'Increased and Imminent Cybercrime Threat.' On this call, the U.S. government warned healthcare providers. READ MORE...
The Maze cybercrime gang is shutting down its operations after rising to become one of the most prominent players performing ransomware attacks. The Maze ransomware began operating in May 2019 but became more active in November. That's when the media-savvy operation revolutionized ransomware attacks by introducing a double-extortion tactic. First, they steal your files, then encrypt them. While ransomware operations have always enjoyed taunting news sites and researchers, for the most part, they tended to ignore journalists' emails. READ MORE...
REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors. They are driven by profit and want to make $2 billion from their ransomware service, adopting the most lucrative trends in their pursuit of wealth. A REvil representative that uses the aliases "UNKN" and "Unknown" on cybercriminal forums talked to tech blog Russian OSINT offering some details about the group's activity and hints of what they have in store for the future. READ MORE...
Today multiple reports have emerged from Home Depot customers in Canada stating that the company had sent them hundreds of emails containing order information of strangers. Users received upwards of 600 "order ready for pickup" reminder emails and shipment-related notifications, each pertaining to a different order. What alarmed hundreds of users, was the orders were not associated with their Home Depot accounts, and many consider this data leak serious. BleepingComputer has obtained copies of these emails. READ MORE...
Threat actors have started to hunt for servers running Oracle WebLogic instances vulnerable to a critical flaw that allows taking control of the system with little effort and no authentication. The vulnerability leveraged in the attacks is CVE-2020-14882 with a severity rating 9.8 out of 10 that allows compromising systems via a simple HTTP GET request. Oracle fixed the vulnerability in this month's release of Critical Patch Update (CPU). crediting security researcher Voidfyoo of Chaitin Security Research Lab for finding and reporting it. READ MORE...
Hackers could remotely open garage doors and gates by exploiting vulnerabilities found in a gateway device made by Hörmann, researchers warned on Wednesday. Hörmann is a Germany-based company that specializes in home and industrial doors. The company's products are sold in more than 50 countries across North America, Europe and Asia, and according to Wikipedia, it's the fourth largest door manufacturer in the world. Customers who want to control garage doors. READ MORE...