Flash Advisories

12 Nov

SquirrelWaffle Leverages malspam to deliver Qakbot

Recently, a new threat referred to as “SquirrelWaffle” has been spreading more widely via spam campaigns, infecting systems with a new malware loader. The family has been distributed with increasing regularity and could become the next big player in the spam space. SquirrelWaffle provides threat actors with an initial …


30 Sep

FamousSparrow: A Suspicious Hotel Guest

Yet another APT group exploited the ProxyLogon vulnerability in March 2021. ESET researchers have uncovered a new cyberespionage group targeting hotels, governments, and private companies worldwide. They have named the group FamousSparrow and believe it has been active since at least 2019. Reviewing telemetry data during their investigation, they realized that FamousSparrow leveraged …


12 Aug

New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices

A new variant of eCh0raix ransomware is targeting Synology network-attached storage (NAS) devices and Quality Network Appliance Provider (QNAP) NAS devices. Attackers are also leveraging CVE-2021-28799 to deliver the new eCh0raix variant to QNAP devices. While eCh0raix is known ransomware that has historically targeted QNAP …


5 Aug

Solarmarker InfoStealer Malware Is Back

Healthcare and education sectors are the frequent targets of a new surge in credential-harvesting activity from a “highly modular” .NET-based information stealer and keylogger, charting the course for the threat actor’s continued evolution while remaining under the radar. Dubbed “Solarmarker,” the malware campaign is believed to have been active since September …


29 Jul

Spanish Language Lures used to Distribute Seldom Observed Bandook Malware

Proofpoint researchers identified a new group, TA2721, distributing Spanish-language email threats. The group often targets individuals with Spanish-language surnames at global organizations across multiple industries. The infection chain features a PDF containing a URL that leads to an encrypted RAR file, which installs Bandook malware. The threat …


22 Jul

BIOPASS RAT: New Malware Sniffs Victims via Live Streaming

BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution. It can also compromise victims' private information by stealing web browser and instant messaging client data. What makes BIOPASS RAT particularly …


22 Jul

Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions

A recently discovered Bash ransomware drew attention for several reasons. Investigation found that the attack chain is implemented entirely as Bash scripts, but the scripts also appear to still be under development. Most components of the attack mainly target Red Hat and CentOS …


28 Jun

Bizarro banking Trojan expands its attacks to Europe

Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. Users are being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks in different European and South American countries.


22 Jun

Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

In January, a new ransomware using .hello as its extension appeared in one of our cases; it possibly arrived via a SharePoint server vulnerability. This appeared to be a new ransomware family, dubbed Hello ransomware (aka WickrMe), named after the chat application that was used to …


21 May

ProxyLogon: A Coinminer, a Ransomware, and a Botnet Join the Party

The emergence of several zero-day exploits relating to ProxyLogon, a Microsoft Exchange Server vulnerability discovered in late 2020, has allowed several threat actors to carry out attacks against unpatched systems. Three malware families have been taking advantage of the ProxyLogon vulnerability since March: the coinminer LemonDuck …
