GandCrab, which is provided as ransomware-as-a-service, is expected to shut down operations by next month. The ransomware is said to have at least five variants since its inception last year. The infamous GandCrab ransomware might soon come to an end. In an announcement posted on a hacking forum, the creators of this formidable malware spoke of their decision to stop ...
Yearly Archives: 2019
Cyber war could cripple a country in a month
Government may not be taking the risk of cyber attack on critical infrastructure seriously enough. So says Veronica Schmitt, academic and Lead Forensic Analyst at DFIR Labs. Speaking at the ITWeb Security Summit 2019 in Sandton today, she said governments tended to react after the fact instead of taking strong proactive measures to protect critical national infrastructure from cyber attacks. However, she also noted ...
Malspam campaigns target business users with Hawkeye keylogger
Attackers behind this campaign were found to be using spam servers located in Estonia. The targeted industries include transportation and logistics, healthcare, import and export, marketing, agriculture, and others. Researchers from IBM X-Force have observed malspam campaigns targeting business users with the Hawkeye keylogger malware during the last two months. The targeted industries include transportation and logistics, healthcare, import and ...
ANZ customers fooled into providing banking details in new phishing scam
The phishing emails impersonate the official ANZ online banking website in order to trick customers into handing over their vital banking details. The email is sent with the subject line “Successful BPAY Payment Advice”. Australia and New Zealand Banking Group (ANZ) is warning its customers about a new phishing scam that is aimed at stealing users’ banking details. What is ...
Zebrocy targets Yandex Browser, Chromium and versions of Microsoft Outlook
The first set of commands collect information about the victim’s system and environment. The attackers behind Zebrocy drop dumpers on victims’ computers in order to collect login credentials and private keys from web browsers including Yandex Browser, Chromium, 7Star Browser, CentBrowser, and versions of Microsoft Outlook from 1997 through 2016. Security researchers observed that attackers behind Zebrocy run commands manually ...
Free decryptor released for GetCrypt ransomware that spreads through RIG exploit kit
GetCrypt uses a combination of the Salsa20 and RSA-4096 algorithms to encrypt the victim’s files. While encrypting, it appends a random 4-character extension to the infected files. Users infected by GetCrypt ransomware can now retrieve their encrypted files without paying a ransom. It is possible through a decryptor that has been released by security researchers. What is GetCrypt ransomware? GetCrypt ...
New spam campaign uses fake legal threats to lure victims
The spam emails, purporting to come from a law firm, tell victims that they are being sued. A phishing kit reported to be a part of the campaign showed that the targets were primarily Canadian businesses. Recently, a unique spam campaign has been uncovered by security researchers, where victims are confronted with fake legal threats. It is believed to have ...
IT Giant HCL Exposed Employee Passwords and Customer Project Details Online
Multiple subdomains operated by HCL were found to be publicly exposed. The sensitive data exposed includes personal information and plaintext passwords for new hires, customer reports, and dashboards for managing personnel. Indian IT firm HCL has come under the scanner after it left sensitive information such as employee passwords, as well as certain customer details out in the open. The ...
W97M/Downloader hosted on multiple CMS like Magento, WordPress, and Joomla
This malware campaign has primarily targeted the United States, Germany, India, and the United Kingdom. W97M steals banking login credentials and sends them to .ru websites. Researchers observed that some instances of the W97M/Downloader malware are now being served from compromised websites by a custom PHP dropper. The big picture The compromised websites include malicious W97M documents which contain VB ...
Cybercriminals break into production systems of Stack Overflow
Stack Overflow mentioned that the attackers gained access to production systems on May 11. However, it says that no customer or user data was breached due to the incident. Stack Overflow, a popular online forum for programmers and computer professionals, was breached by attackers. Production systems belonging to Stack Overflow were the prime target in this incident. Mary Ferguson, Vice ...