Attack Analysis – WindowsTechs.com

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

Posted on October 19, 2020 by Tara Seals

Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours. Continue reading Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack→

Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex

Posted on June 24, 2020 by Arnold Osipov

The Morphisec Labs team has tracked an obfuscated VBScript package in campaigns since March 2020. Initially, the malware campaign was focused on targets within Germany, but has since moved on to additional targets–excluding any IP address within … Continue reading Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex→

ConnectWise Control Abused Again to Deliver Zeppelin Ransomware

Posted on December 18, 2019 by Alon Groisman

In April 2019, attackers who breached IT supplier Wipro leveraged the ConnectWise Control (formerly ScreenConnect) remote desktop application as a major component of their attack.
The post ConnectWise Control Abused Again to Deliver Zeppelin Ranso… Continue reading ConnectWise Control Abused Again to Deliver Zeppelin Ransomware→

Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks

Posted on September 13, 2019 by Tara Seals

At every turn, the info-stealer uses legitimate services to get around normal email, endpoint and network defenses. Continue reading Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks→

Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry

Posted on June 10, 2019 by Michael Gorelik

During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-enter… Continue reading Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry→

A look at Hworm / Houdini AKA njRAT

Posted on May 13, 2019 by Arnold Osipov

Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family… Continue reading A look at Hworm / Houdini AKA njRAT→

Phone Motion Sensors: The New Attack Vector

Posted on January 23, 2019 by Marc Handelman

Quite likely, this subterfuge attack, utilizing one of the more clever methods to evade detection to date, is the new attaque-du-jour.
The post Phone Motion Sensors: The New Attack Vector appeared first on Security Boulevard.
Continue reading Phone Motion Sensors: The New Attack Vector→

Proof(s)

Posted on May 26, 2018 by Marc Handelman

Kevin Hartnett, Senior Writer at Quanta Magazine, expounds on the notion of formal code verification when utilzied to provide assurance of attack-proof code… Similar to unsinkable ocean liners, or truly attack-proof? Or, is it only a matter of time … Continue reading Proof(s)→

Six Years The Lurker

Posted on March 12, 2018 by Marc Handelman

Illustration from the Kaspersky Labs Document.
Dan Goodin, writing at ArsTechnica, provides us with the surreptitious history of the malice-filled code-miscreant APT monikered Slingshot; of which, is apparently an alternatative mwthod of describing t… Continue reading Six Years The Lurker→

Apple, Heal Thyself

Posted on February 15, 2018 by Marc Handelman

Felix Krause, well-known founder of fastlane, has discovered a procedural + programmatic heretofore undiscussed attack vector of rather gaping proportions… Namely, the capability of any Mac application to leverage connectivity to the desktop screen … Continue reading Apple, Heal Thyself→