North American propane distributor Superior Plus this week announced that it had to shut down certain computer systems after falling victim to a ransomware attack. The company says it discovered the breach on Sunday, December 12, and that, as a response, it took steps to mitigate impact on corporate data and operations. "Superior has temporarily disabled certain computer systems and applications as it investigates this incident and is in the process of bringing these systems back online," the company says. READ MORE...
An Iran-linked hacking group attacked seven Israeli targets over a 24-hour period this week, an Israeli cybersecurity firm said, in the latest episode of cyberwarfare between the rival states. The targets of the attack by the group called "Charming Kitten" included the Israeli "government and business sector", Tel Aviv-based Check Point said in a statement late Wednesday, without providing specifics. READ MORE...
Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks. For those not familiar with Emotet, it is considered one of the most widespread malware infections and is distributed through phishing emails that include malicious attachments. Historically, once a device becomes infected, Emotet will steal a victim's email to use in future campaigns and then drop malware payloads, such as TrickBot and Qbot. READ MORE...
The previously shut-down Phorpiex botnet has re-emerged with new peer-to-peer command and control infrastructure, making the malware more difficult to disrupt. The botnet first launched in 2016 and has accumulated a massive army of over 1 million devices over the years. The malware generates revenue for its developers by swapping cryptocurrency addresses copied to the Windows clipboard with addresses under their control, or by spamming sextortion emails to scare people into paying an extortion demand. READ MORE...
A novel remote access trojan (RAT) being distributed via a Russian-language spear-phishing campaign is using unique manipulation of the Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT, discovered by researchers at Prevailion's Adversarial Counterintelligence Team (PACT), uses the registry on Windows systems for nearly all temporary storage on a machine and thus never writes anything to disk. READ MORE...
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA). Internet Information Services (IIS), Microsoft's web server/web-hosting software suite, can be extended via various add-ons that are known as modules. Like plugins for WordPress or Chrome extensions, IIS modules offer an attractive way to side-load malicious features into web-facing applications. READ MORE...
Last Thursday, the world learned of an in-the-wild exploitation of a critical code-execution zero-day in Log4J, a logging utility used by just about every cloud service and enterprise network on the planet. Open source developers quickly released an update that patched the flaw and urged all users to install it immediately. Now, researchers are reporting that there are at least two vulnerabilities in the patch, released as Log4J 2.15.0. READ MORE...