
    Archive for Malware

    Software exposed by

    December 15th, 2021 by

    Log4j overview related software

    This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL will maintain a list of all known vulnerable and not vulnerable software. Furthermore, any reference to the software will contain specific information regarding which version contains the security fixes, and which software still requires mitigation. Please note that this vulnerability may also occur in custom software developed within your organization. These occurrences are not registered in this overview.

    Posted in Malware

    Beware Fake Windows 11 installers

    July 26th, 2021 by

    Fake Windows 11 installers are being used to distribute malware

    “Microsoft released the first Windows 11 Insider Preview build on June 28, and has been frequently updating it in the past month or so, with the latest build landing just over a day ago. While the process to upgrade your existing PC to Windows 11 is fairly simple in the sense that you just have to enroll your machine into the Dev channel of the Windows Insider Program and have the build seeded to you, many have been trying other methods of obtaining unofficial ISOs and are being infected with malware instead.”

    Posted in Malware

    Microsoft takes down domains used to scam Office 365 users

    July 20th, 2021 by

    Microsoft takes down domains used to scam Office 365 users

    “Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers.

    The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate businesses. This technique allowed the threat actors to impersonate companies when communicating with their clients.

    According to the complaint filed by Microsoft last week (more details available in the court order), they used the domains registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH as malicious infrastructure in BEC attacks against Office 365 customers and services.”

    Posted in Identity Theft, Malware, Ransomware, Scams

    Using MyBook? Disconnect from the Internet and read here!

    June 26th, 2021 by

    MyBook Users Urged to Unplug Devices from Internet

    “Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.”

    Posted in Malware, Security Breaches

    More Phishing attacks on Office 365

    May 5th, 2021 by

    Malicious Office 365 Apps Are the Ultimate Insiders

    “Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.”

    Posted in Identity Theft, Malware, Phishing

    SonicWall Breached

    April 30th, 2021 by

    New ransomware group uses SonicWall zero-day to breach networks

    “A financially motivated threat actor exploited a zero-day bug in Sonicwall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets.

    The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 Sonicwall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.

    Prior to deploying the ransomware payloads, UNC2447 was also observed using Cobalt Strike implants for gaining persistence and installing a SombRAT backdoor variant, a malware first spotted in the CostaRicto campaign coordinated by a group of mercenary hackers.

    The zero-day was also exploited in attacks targeting SonicWall’s internal systems in January and later abused indiscriminately in the wild.”

    Posted in Identity Theft, Malware

    Ransomware: $260K USD in 5 days!

    April 26th, 2021 by

    A ransomware gang made $260,000 in 5 days using the 7zip utility

    “A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program.

    Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices.”

    Posted in Malware, Ransomware

    Ever use ParkMobile app? You may have been compromised!

    April 13th, 2021 by

    ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

    “Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.”

    Posted in Malware, Newsletters, Security Breaches

    Your Exchange Server Hacked? Not by Brian Krebs!!

    March 29th, 2021 by

    No, I Did Not Hack Your MS Exchange Server

    “New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.”

    Posted in Identity Theft, Malware, Security Breaches

    New Chrome Zero Day Flaw

    March 16th, 2021 by

    Google Warns Mac, Windows Users of Chrome Zero-Day Flaw

    “The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months.

    Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems.

    The vulnerability exists in Blink, the browser engine for Chrome developed as part of the Chromium project. Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users.”

    Posted in Identity Theft, Malware, Patches, Security Breaches