Secureworks has recently discovered a threat actor whose business email compromise (BEC) campaigns focus solely on global maritime shipping companies and their customers. Named GOLD GALLEON, the group is said to have attempted to steal at least $3.9 million from their intended victims between June 2017 and January 2018 alone. Overall, […]
Experts spotted spam campaigns delivering XTRAT and DUNIHI backdoors bundled with the Adwind RAT
Security experts at Trend Micro have spotted spam campaigns delivering XTRAT and DUNIHI Backdoors and Loki malware bundled with the Adwind RAT. Malware researchers at Trend Micro have uncovered a spam campaign that delivers the infamous Adwind RAT (aka jRAT) alongside the XTRAT backdoor (aka XtremeRAT) and the Loki info stealer. In a separate Adwind RAT spam campaign, the researchers observed […]
Google Discloses Windows Lockdown Policy Zero-Day
Google Discloses Unpatched Windows Lockdown Policy Bypass A Windows 10 vulnerability that could bypass Windows Lockdown Policy and result in arbitrary code execution remains unpatched 90 days after Microsoft has been informed on the bug’s existence. On systems with User Mode Code Integrity (UMCI) enabled, a .NET bug can be […]
CVE-2018-0229 flaw in SAML implementation threatens Firepower, AnyConnect and ASA products
Cisco has announced a set of security patches that address the CVE-2018-0229 vulnerability in its implementation of the Security Assertion Markup Language (SAML). The CVE-2018-0229 flaw could be exploited by an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. “A vulnerability […]
SunTrust unfaithful employee may have stolen data on 1.5 Million customers
SunTrust Banks Inc announced it discovered that a former employee may have attempted to download information on nearly 1.5 million clients and share it a criminal organization. A former employee at the SunTrust Bank may have stolen data on 1.5 million clients, including names, addresses, phone numbers, and account balances. “The […]
Health Stream left exposed online a database containing contact data for roughly 10,000 medics
An IT professional has discovered that the US healthcare company Health Stream left exposed online contact information for roughly 10,000 medics. The IT expert Brian Wethern has discovered that the US healthcare company Health Stream left exposed online a database containing contact information for roughly 10,000 medics. Wethern reported his discovery to Health Stream ten […]
Unscrupulous crooks behind the RansSIRIA Ransomware try to exploit attentions on Syrian refugee crisis
Unscrupulous crooks behind the RansSIRIA Ransomware try to exploit attentions on Syrian refugee crisis Researchers at MalwareHunterTeam have discovered a new strain of ransomware called RansSIRIA that encrypts victim’s files and then states it will donate the ransom to Syrian refugees. Unscrupulous cybercriminals try to exploit every situation, even the most dramatic incidents. […]
Microsoft Ports Anti-Phishing Technology to Google Chrome Extension
Microsoft has released a Chrome extension named « Windows Defender Browser Protection » that ports Windows Defender’s —and inherently Edge’s— anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via […]
At least 20 Million Chrome users have installed malicious Ad Blockers from Chrome store
A security researcher has discovered five malicious Ad Blockers extensions in the Google Chrome Store that had been installed by at least by 20 million users. The security researcher Andrey Meshkov, co-founder of Adguard, has discovered five malicious Ad Blockers extensions in the Google Chrome Store that had been installed […]
Private Intelligence agency LocalBlox leaked 48 Million personal data records
The private intelligence agency LocalBlox has left unsecured online an AWS bucket containing 48 million records that were also harvested from Facebook, LinkedIn, and Twitter. Oops … another data breach made the headlines and once again it was discovered by data leak hunters at Upguard. The private intelligence agency LocalBlox has […]