FEATURED

Cisco Talos finds ObliqueRAT

"ObliqueRAT: New RAT hits victims' endpoints via malicious documents" via Asheer Malhotra | Cisco Blogs Threat Research
• "Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we're calling "ObliqueRAT." These maldocs use malicious macros to deliver the second stage RAT payload. This campaign appears to target organizations in Southeast Asia. Network based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security. What's New? Cisco Talos has recently discovered a new campaign distributing a malicious remote access trojan (RAT) family we're calling "ObliqueRAT." Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 distributing CrimsonRAT sharing similar maldocs and macros. CrimsonRAT has been known to target diplomatic and gover…

APIs In The Crosshairs of Financial Sector CyberAttacks

"Most credential abuse attacks against the financial sector targeted APIs" via Help Net Security
"From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report's findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed. Nearly 20 percent, or 16,557,875,875, were against…"
More detail here:
https://www.helpnetsecurity.com/2020/02/20/credential-abuse-attacks/

Websites Are Being Hit With Extortion

"AdSense Extortionists Threaten to Trigger Google Fraud Alarms" via Infosecurity Magazine

"Websites that use AdSense are being targeted with extortion threats to overwhelm the sites with fake traffic, triggering Google's anti-fraud system, which would suspend the AdSense accounts. One website owner told a security researcher that a hacker demanded $5,000 in bitcoin to stop the attack; Google is telling website owners to report the threats immediately."

More details here:
https://www.infosecurity-magazine.com/news/adsense-extortionists-trigger/

Update Glitch Wipes User Files

"Windows 10 KB4532693 Update Bug Reportedly Deletes User Files" via Lawrence Abrams | Bleeping Computer

"The Windows 10 KB4532693 update appears to be buggier than originally thought as users are reporting that the update is deleting their files."

More details here:
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4532693-update-bug-reportedly-deletes-user-files/

OpenSSH 8.2 Making Things Easier

"OpenSSH eases admin hassles with FIDO U2F token support" via John E Dunn | Naked Security
"OpenSSH version 8.2 is out and the big news is that the world's most popular remote management software now supports authentication using any FIDO (Fast Identity Online) U2F hardware token.
SSH offers a range of advanced security features but it is still vulnerable to brute force attacks that try large numbers of passphrases until they hit upon the right one."

More details here:
https://nakedsecurity.sophos.com/2020/02/19/openssh-eases-admin-hassles-with-fido-u2f-token-support/

Online Betting And Gambling Sites Breached

"Chinese hackers have breached online betting and gambling sites" via Catalin Cimpanu | ZDNet
"Since the summer of 2019, a group of professional Chinese hackers has been targeting and hacking into companies that run online gambling and online betting websites. According to reports published this week by cyber-security firms Talent-Jump and Trend Micro, hacks have been officially confirmed at gambling companies located in Southeast Asia, while unconfirmed rumors of additional hacks have also come from Europe and the Middle East."
More details here:
https://www.zdnet.com/article/chinese-hackers-have-breached-online-betting-and-gambling-sites/#ftag=CAD-03-10abf5f