In this post, we develop new Internet scanning techniques to identify 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations. Key Findings: Between August 2016 and August 2018, we scanned the Internet for servers associated with NSO Group’s Pegasus spyware. We found 1,091 IP addresses […]
Haythem Elmir
Old WordPress Plugin Being Exploited in RCE Attacks
Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks. Researchers are warning that attackers are abusing a vulnerability in WordPress site admins’ outdated versions of a migration plugin called Duplicator – allowing them to execute remote code. Made by Snap Creek Software, all Duplicator plugins […]
Police in Europe Tie Card Fraud to People-Smuggling Gang
Two Syrians Accused of Buying Stolen Corporate Card Data to Mask Activities. Coordinated police raids in Germany and Sweden have resulted in the arrest of two individuals suspected of running a cyber fraud gang that used stolen payment card data to book hundreds of airline and train tickets to help […]
New Brrr Dharma Ransomware Variant Released
A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek who tweeted a link to the sample on VirusTotal. Below I have outlined how this ransomware infects a computer, what happens when your files […]
New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms
Palo Alto Networks researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash, that is targeting both Linux and Microsoft Windows servers. XBash was developed using Python, […]
LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is signed with a digital certificate that belongs to […]
Google Android team found high severity flaw in Honeywell Android-based handheld computers
Experts at the Google Android team have discovered a high-severity privilege escalation vulnerability in some Honeywell Android-based handheld computers. Security experts from the Google Android team have discovered a high-severity privilege escalation vulnerability in some Honeywell Android-based handheld computers that could be exploited by an attacker to gain elevated privileges. According […]
MageCart Attackers Compromise Cloud Service Firm Feedify
Hundreds of e-commerce Sites Impacted by MageCart Compromise of Cloud Service Provider. Payment card data from customers of hundreds of e-commerce websites may have been stolen after the MageCart threat actors managed to compromise customer engagement service Feedify. Feedify, which claims to have over 4,000 customers, provides customers with various […]
Nigerian Fraudster Who Stole Millions Heads to U.S. Prison
A Nigerian man was sentenced in Manhattan federal court to 60 months in prison for his role in fraudulent business email compromise (BEC) scams, the United States Department of Justice announced this week. The man, Onyekachi Emmanuel Opara, 30, of Lagos, Nigeria, was charged for defrauding thousands of victims of more […]
WannaMine Malware Still Penetrates Unpatched SMB Computers Using NSA’s EternalBlue Exploit
The cryptomining-based WannaMine malware outbreak is still actively attacking Windows users around the globe, using the NSA exploit EternalBlue to penetrate unpatched SMB-enabled computers and gain highly privileged access. The EternalBlue exploit, leaked from the NSA last year, made a huge impact around the world by exploiting the SMB flaw, and that […]