Collaborate Disseminate
An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims reportedly have been compromised a popular MSP software which led to encryption of their customers. Continue reading REvil ransomware attack against MSPs and its clients around the world
Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 asap. Continue reading Malicious code in APKPure app
The four vulnerabilities inside Microsoft Exchange Server allow an attacker to compromise a vulnerable server. As a result, an attacker will gain access to all registered email accounts, or be able to execute arbitrary code (remote code execution or RCE) within the Exchange Server context. Continue reading Zero-day vulnerabilities in Microsoft Exchange Server
We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs. Continue reading Sunburst: connecting the dots in the DNS requests
The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post … Continue reading The FBI Intrusion Notification Program
We are asked in quite some calls, how we handle the pandemic situation at Microsoft. As a lot of us are used to home office, the change is intense but not that big. Customer events were cancelled (as in a lot of other companies as well) or moved to vir… Continue reading Corona and How We Work From Home
We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired. Continue reading Mokes and Buerak distributed under the guise of security certificates
We discovered what appears to be one of AZORult’s most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows. Continue reading AZORult spreads as a fake ProtonVPN installer
Recently, we caught a new unknown exploit for Chrome browser. We promptly reported this to the Google. After reviewing of the PoC we provided, the company confirmed there was a zero-day vulnerability and assigned it CVE-2019-13720. Continue reading Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
Recently, the popular CamScanner – Phone PDF creator app caught our attention. After analyzing the app, we saw that the developer added an advertising library to it that contains a malicious dropper component. Continue reading An advertising dropper in Google Play