June 15th, 2022 by hankshelp
“Microsoft on Tuesday released software updates to fix 60 security vulnerabilities in its Windows operating systems and other software, including a zero-day flaw in all supported Microsoft Office versions on all flavors of Windows that’s seen active exploitation for at least two months now. On a lighter note, Microsoft is officially retiring its Internet Explorer (IE) web browser, which turns 27 years old this year.”
Posted in Malware, Newsletters, Patches, Updates
June 3rd, 2022 by hankshelp
“A vulnerability dubbed “Follina” could allow attackers to gain full system control of affected systems. Learn more about it and how to protect yourself from it.”
“A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.”
Posted in Malware, Phishing, Scams
December 15th, 2021 by hankshelp
“This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL will maintain a list of all known vulnerable and not vulnerable software. Furthermore any reference to the software will contain specific information regarding which version contains the security fixes, and which software still requires mitigation. Please note that this vulnerability may also occur in custom software developed within your organization. These occurrences are not registered in this overview.”
Posted in Malware
July 26th, 2021 by hankshelp
“Microsoft released the first Windows 11 Insider Preview build on June 28, and has been frequently updating it in the past month or so, with the latest build landing just over a day ago. While the process to upgrade your existing PC to Windows 11 is fairly simple in the sense that you just have to enroll your machine into the Dev channel of the Windows Insider Program and have the build seeded to you, many have been trying other methods of obtaining unofficial ISOs and are being infected with malware instead.”
Posted in Malware
July 20th, 2021 by hankshelp
“Microsoft’s Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company’s customers.
The domains taken down by Microsoft were so-called “homoglyph” domains registered to resemble those of legitimate business. This technique allowed the threat actors to impersonate companies when communicating with their clients.
According to the complaint filed by Microsoft last week (more details available in the court order), they used the domains registered via NameSilo LLC and KS Domains Ltd./Key-Systems GmbH as malicious infrastructure in BEC attacks against Office 365 customers and services.”
Posted in Identity Theft, Malware, Ransomware, Scams
May 5th, 2021 by hankshelp
“Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.”
Posted in Identity Theft, Malware, Phishing
April 30th, 2021 by hankshelp
“A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets.
The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.
Prior to deploying the ransomware payloads, UNC2447 was also observed using Cobalt Strike implants for gaining persistence and installing a SombRAT backdoor variant, a malware first spotted in the CostaRicto campaign coordinated by a group of mercenary hackers.
The zero-day was also exploited in attacks targeting SonicWall’s internal systems in January and later abused indiscriminately in the wild.”
Posted in Identity Theft, Malware
April 26th, 2021 by hankshelp
“A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program.
Starting on Monday, QNAP NAS users from all over the world suddenly found their files encrypted after a ransomware operation called Qlocker exploited vulnerabilities on their devices.”
Posted in Malware, Ransomware