Ransomware impacts over 200 govt, edu, healthcare orgs in 2022
Ransomware attacks in 2022 impacted more than 200 hundred larger organizations in the U.S. public sector in the government, educational,...
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks
More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE)...
Synology fixes maximum severity vulnerability in VPN routers
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers. The...
BleepingComputer’s most popular cybersecurity stories of 2022
It was a big year for cybersecurity in 2022 with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns,...
BitRAT malware campaign uses stolen bank data for phishing
Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures...
Rail giant Wabtec discloses data breach after Lockbit ransomware attack
U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. Wabtec is...
Royal ransomware claims attack on Queensland University of Technology
The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to...
Ongoing Flipper Zero phishing attacks target infosec community
A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal...
Poland warns of attacks by Russia-linked Ghostwriter hacking group
The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as...
PXEThief – Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager
PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out...
Malware Analysis – discovery – f3257310b37b572a371c05dd0bb419ef
Score: 8 MALWARE FAMILY: discoveryTAGS:discovery, exploit, persistenceMD5: f3257310b37b572a371c05dd0bb419efSHA1: 6c9354a3bb7246af254f00b4adb01b556adc1e8eANALYSIS DATE: 2023-01-03T15:00:01ZTTPS: T1050, T1012, T1060, T1222, T1082 ScoreMeaningExample10Known badA malware family...
Malware Analysis – evasion – f714964febf0482d0781116faf95c797
Score: 8 MALWARE FAMILY: evasionTAGS:evasion, ransomware, upxMD5: f714964febf0482d0781116faf95c797SHA1: 41a1ab64d4ac85618a2241581b8c5c9b98691577ANALYSIS DATE: 2023-01-03T15:07:20ZTTPS: T1082, T1012, T1120, T1158 ScoreMeaningExample10Known badA malware family was...
Malware Analysis – ransomware – a41afe748aed818ab6ac94e81bdde610
Score: 10 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: a41afe748aed818ab6ac94e81bdde610SHA1: 9468012acf6df7a0e593f41e0da8123f541277dfANALYSIS DATE: 2023-01-03T15:28:36ZTTPS: T1107, T1490 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – evasion – cd8762aee748f0147c99d59c397f0116
Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: cd8762aee748f0147c99d59c397f0116SHA1: b79ae2bcf1409cf560ece2d14f4102c013aea248ANALYSIS DATE: 2023-01-03T15:42:44ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – djvu – 6f589d70ab9654b5266ad9fe1eed2e3e
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 6f589d70ab9654b5266ad9fe1eed2e3eSHA1: b4da2aadd70c7787dd6d09e185173da9790ae43fANALYSIS DATE: 2023-01-03T15:54:07ZTTPS: T1082, T1012, T1005, T1081,...
Malware Analysis – djvu – 42cd30f9e9cb1715d3b9e2f38617f9de
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 42cd30f9e9cb1715d3b9e2f38617f9deSHA1: a765a8172e191f1a6d243a1a4b6dfdedc2e179f7ANALYSIS DATE: 2023-01-03T16:32:51ZTTPS: T1005, T1081, T1060, T1112,...
Malware Analysis – djvu – ca36f7252b0fc1f54c7d1f4c554f4e83
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: ca36f7252b0fc1f54c7d1f4c554f4e83SHA1: d42db97d04c519fac40d4a641eea0f868375d32bANALYSIS DATE: 2023-01-03T17:04:47ZTTPS: T1053, T1012, T1060, T1112,...
Cobalt Stike Beacon Detected – 193[.]201[.]9[.]189:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 43[.]140[.]200[.]42:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 43[.]138[.]138[.]159:8887
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 47[.]93[.]235[.]240:8989
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 154[.]26[.]192[.]35:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 185[.]225[.]73[.]244:8080
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – ransomware – e231d644f5b878acd617f35994acd50d
Score: 8 MALWARE FAMILY: ransomwareTAGS:ransomwareMD5: e231d644f5b878acd617f35994acd50dSHA1: 45bc0cded34342459efa7312a7a68d8788daff20ANALYSIS DATE: 2023-01-03T09:21:12ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known damaging...
