BadRabbit: a closer look at the new version of Petya/NotPetya

BadRabbit, a new version of NotPetya, also has an infector allowing for lateral movement. However, unlike NotPetya, it does not use EternalBlue and uses a website to drop its payload. We take a closer look at this new ransomware variant.

Credential Theft: How To Spot a Phish

When people think about phishing, their mind often turns immediately to ransomware. And for good reason. After all, there have been dozens of high profile ransomware attacks in recent months.

But you know what? An even greater proportion of phishing lures don’t contain ransomware. Instead of extorting money from you, they have an ulterior motive: they’re designed to steal your identity.

Well, OK. They’re designed to steal your login credentials… but in reality that isn’t far short of stealing your identity.

The post Credential Theft: How To Spot a Phish appeared first on Security Boulevard.


Magniber ransomware: exclusively for South Koreans

A few days ago, Magnitude EK resurfaced, this time with a new payload that targets only the country of South Korea. It’s called Magniber ransomware.
Categories: Malware, Threat analysis

Tags: asia, magniber, magnitude EK, ransomware


Old MS Office feature weaponized in malspam attacks

An old Microsoft Office feature has been brought back to the forefront as a way to distribute malware without relying on macros or exploits.
Categories: Malware, Threat analysis

Tags: DDE, DDEAUTO, macro, malspam, malware, microsoft, Office, word


Tech Support Scams: How To Spot a Phish

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear.

In its earliest form, the tech support scam involved a scammer cold-calling English-speaking countries and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine.

Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.

The post Tech Support Scams: How To Spot a Phish appeared first on Security Boulevard.


Decoy Microsoft Word document delivers malware through a RAT

A Remote Administration Tool (RAT) is delivered via an unusual route: a benign-looking Microsoft Word document with an ulterior motive.
Categories: Exploits, Threat analysis

Tags: CVE-2017-0199, CVE-2017-8759, exploits, rat, Word exploits


Compromised LinkedIn accounts used to send phishing links via private message and InMail

A recent attack uses existing LinkedIn user accounts to send phishing links to their contacts via private message but also to external members via email.
Categories: Social engineering, Threat analysis

Tags: gmail, inmail, LinkedIn, malware, phishing, scam, Socia…

Expired domain names and malvertising

A look at how expired domain names can be turned into a lucrative malicious traffic redirection tool.
Categories: Malware, Threat analysis

Tags: domain, malvertising, malware, registrant, registrar, tech support scam


Cerber ransomware delivered in format of a different order of Magnitude

We review a trick that the Magnitude exploit kit uses to bypass security scanners.
Categories: Exploits, Threat analysis

Tags: binary padding, cerber, exploit kit, gate, Magnigate, magnitude EK, ransomware, XML
