I know what you did last summer, MuddyWater blending in the crowd
Introduction
MuddyWater is an APT with a focus on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and also a few other countries in nearby regions (Azerbaijan, Pakistan and Afghanistan). MuddyWater first surfaced in 2017 and has been active continuously, targeting a large number of organizations. First […]

AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining
By Augusto II Remillano
Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian Confluence Server, a collaboration software program used by DevOps professionals. We discovered that this malware variant can perform DDoS attacks, remote code […]

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
by Marco Dela Vega, Jeanne Jocson and Mark Manahan
Over the years, Emotet, the banking malware discovered by Trend Micro in 2014, has continued to be a prevalent and costly threat. The United States government estimates that an Emotet incident takes an organization US $1 million to remediate. Unfortunately, it is a widespread and particularly resilient […]

Effective Endpoint Security Strategy 101
Every organization wants to expedite processes, reduce costs, and bolster their staff. In today’s modern digital world, these objectives are largely attainable, but they can occasionally come with some unwarranted side effects. With all the devices an organization uses to achieve its business goals, things can occasionally get lost in the shuffle, and cybersecurity issues […]

Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat
by Santosh Subramanya and Raghvendra Mishra
Apache Tomcat, colloquially known as Tomcat Server, is an open-source Java Servlet container developed by a community with the support of the Apache Software Foundation (ASF). It implements several Java EE specifications, including Java Servlet, JavaServer Pages (JSP), Java Expression Language (EL), and WebSocket, and provides a “pure […]

Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection
By: Hiroyuki Kakara and Kazuki Fujisawa, Cyber Threat Research Team
We discovered a potential targeted attack that makes use of the legitimate script engine AutoHotkey, in combination with malicious script files. This file is distributed as an email attachment and disguised as a legitimate document with the filename “Military Financing.xlsm.” The user would need to enable macro […]

Respawn Halted Development of Another Game to Make Star Wars Jedi Fallen Order
EA is known for pushing developers around, and it often has a major role when it comes to deciding things in the development process. The company has taken a lot of heat in recent years for doing this, and it seems that EA has done the same yet again with Respawn. It turns out that Respawn […]

Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse
By Augusto Remillano II and Arvin Macaraeg
We detected a malware that uses multiple propagation and infection methods to drop a Monero cryptocurrency miner onto as many systems and servers as possible. Initially observed in China in early 2019, the methods it previously used to infect networks involved accessing weak passwords and using the pass-the-hash technique, […]

6 Steps to Follow When Doing Financial Planning
You have probably wondered what financial planning procedure professionals use for their clients. What you may not know is that you can do most of what these pros do at home. Here are the six steps for financial planning that you can follow to achieve financial success.
1. Define the Relationship
If you […]

When to Get VAT Registered After a New Company is Formed
VAT registration is necessary for many businesses in the UAE. All businesses that cross a certain threshold have to register for VAT. If they do not do so, they might be penalized.
Value Added Tax (VAT)
Value Added Tax, or VAT, is the tax levied on goods and services. It was introduced in the UAE […]

Gaza Cybergang Group1, operation SneakyPastes
Gaza Cybergang(s) is a politically motivated Arabic-language cyberthreat actor, actively targeting the MENA (Middle East North Africa) region, especially the Palestinian Territories. Confusion surrounding Gaza Cybergang’s activities, separation of roles and campaigns has been prevalent in the cyber community. For a while, the gang’s activities seemed scattered, involving different tools and methods, and different […]

Project TajMahal – a sophisticated new APT framework
Executive summary
‘TajMahal’ is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named ‘Tokyo’ and ‘Yokohama’. It includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, document and cryptography key stealers, and even its […]

Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages
by Samuel P Wang (Fraud Researcher)
The effectiveness of phishing makes it a permanent staple of cybercrime. The concept behind phishing itself is simple — lure an unsuspecting victim into downloading a file or clicking a link by posing as something legitimate — but the strategies used by cybercriminals have become increasingly sophisticated. While […]

Update: Notice: alerts.it.psu.edu will be retired
Reminder: The alerts.it.psu.edu site will be retired starting on April 17. If you want to request an alert, please see the updated Penn State IT Alerts Process (http://smo.psu.edu/updated-it-alerts-process/) or call the on-duty Incident Manager at 814-867-0295.
Alert Information: An updated Penn State IT Alerts process (http://smo.psu.edu/updated-it-alerts-process/) will result in the discontinuation of this website and […]

TYPO3 Overtakes WordPress as Most Attacked CMS Due to Popularity
It all started with a Twitter poll we put out a couple of weeks ago, trying to find out which CMS is most used by our customers. We added the usual suspects as poll options: WordPress, Joomla, Drupal. We casually added an “Other” option, just in case someone was using a rare CMS […]

Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response
By Erika Mendoza, Jay Yaneza, Gilbert Sison, Anjali Patil, Julie Cabuhat, and Joelson Soares
Through our managed detection and response (MDR) monitoring, we discovered the modular Emotet malware distributing the Nymaim malware, which then loads the Nozelesn ransomware. We detected this particular Emotet variant in one of our monitored endpoints in the hospitality industry in […]

More information
- Palo Alto Networks Zingbox Inspector CVE-2019-15022 ARP Spoofing Vulnerability
- Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday
- Facebook will be closed for maintenance between Feb 29-31 – joke chain letter spreads
- Why WordPress Gets Hacked
- In memoriam – Mavis Batey MBE, codebreaker extraordinaire at Bletchley Park
- Smile this Black Friday, you might well be on camera!
- Microsoft Windows JET Database Engine CVE-2019-0902 Remote Code Execution Vulnerability
- Czech President Wants Hacker ‘Extradited to Russia’ Not US
- Settlement Reached in Investors’ Lawsuit Against Meta CEO Mark Zuckerberg and Other Company Leaders
- 75% of Teens Don’t Tell Parents About Negative Online Experiences