SonicWall devices infected by malware that survives firmware upgrades
A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that...
OSINT
Police seize Netwire RAT malware infrastructure, arrest admin
An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator...
Microsoft: Business email compromise attacks can take just hours
Microsoft’s Security Intelligence team recently investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some...
Security researchers targeted with new malware via job offers on LinkedIn
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job...
Xenomorph Android malware now steals data from 400 banks
The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new...
CISA warns of critical VMware RCE flaw exploited in attacks
CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the...
Mental health provider Cerebral alerts 3.1M people of data breach
Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and...
Blackbaud to pay $3M for misleading ransomware attack disclosure
Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission...
CISA warns of actively exploited Plex bug after LastPass breach
CISA has added an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server to its catalog...
The Week in Ransomware – March 10th 2023 – Police Take Action
This week's biggest news was the coordinated, international law enforcement operation between Europol, the FBI, the Netherlands, Germany, and Ukraine...
Brazil seizing Flipper Zero shipments to prevent use in crime
The Brazilian National Telecommunications Agency is seizing incoming Flipper Zero purchases due to its alleged use in criminal activity, with...
New GoBruteforcer malware targets phpMyAdmin, MySQL, FTP, Postgres
A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services. According...
Clop ransomware gang begins extorting GoAnywhere zero-day victims
The Clop ransomware gang has begun extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere...
Daily Vulnerability Trends: Sun Mar 12 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-25690Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow...
HDB Financial Services – 1,658,750 breached accounts
HIBP In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M...
Shopper+ – 878,290 breached accounts
HIBP In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The...
Malware Analysis – djvu – 9afdd4346dfb9c65a40d20f7c4812fed
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: 9afdd4346dfb9c65a40d20f7c4812fedSHA1: 8962acde456e5f1705f35decb2580713a45f3e46ANALYSIS DATE: 2023-03-11T21:13:45ZTTPS: T1005, T1081, T1012, T1082,...
Malware Analysis – djvu – e0a5572580480d3379b920a897a36c61
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: e0a5572580480d3379b920a897a36c61SHA1: 9234dd4da1e0d31d0199664ea78c9cc14aefbee5ANALYSIS DATE: 2023-03-11T21:11:44ZTTPS: T1012, T1082, T1060, T1112,...
Malware Analysis – djvu – ddf6d8dd27744ee84b53ddc102613c99
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: ddf6d8dd27744ee84b53ddc102613c99SHA1: 2c847787379b8d6ebc93d3be41e5ae52f785167bANALYSIS DATE: 2023-03-11T21:32:25ZTTPS: T1005, T1081, T1012, T1060,...
Malware Analysis – banker – 177f323985be212c7eb379585119ecc2
Score: 8 MALWARE FAMILY: bankerTAGS:banker, evasion, ransomwareMD5: 177f323985be212c7eb379585119ecc2SHA1: c9224711a8d504a13e40f506eac01fc810845e8eANALYSIS DATE: 2023-03-11T21:23:58ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...
Malware Analysis – djvu – c3d8c8e1ef1f3dedb48408aef01071db
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: c3d8c8e1ef1f3dedb48408aef01071dbSHA1: 48055804773eafaa0f2e66a7a2311d62a40994d7ANALYSIS DATE: 2023-03-11T21:30:12ZTTPS: T1222, T1060, T1112, T1012,...
Malware Analysis – amadey – 069304440a4fab3ef3f25b90650280aa
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, botnet:pub1, botnet:sprg, backdoor, discovery, ransomware, stealer, trojanMD5: 069304440a4fab3ef3f25b90650280aaSHA1: c38e163e0fc8f9e00e07c1ecde813084659ad714ANALYSIS DATE: 2023-03-11T21:31:50ZTTPS:...
Malware Analysis – djvu – 445bb3a7b52a9bd70494d39aed213729
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: 445bb3a7b52a9bd70494d39aed213729SHA1: 9875a852eef9900ba1d83dc5713468b340c12049ANALYSIS DATE: 2023-03-11T22:45:37ZTTPS: T1222, T1012, T1082, T1005,...
Malware Analysis – amadey – a118a1e07e15162e77cce97c0f921e6a
Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:laplas, family:pseudomanuscrypt, family:smokeloader, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, botnet:pub1, botnet:sprg, backdoor, clipper, discovery, loader, persistence, ransomware, stealer,...
