Threat Intelligence

April 26, 2018 | Threat Intelligence

Drupalgeddon2 Attack Puts Sites at Risk Worldwide

Drupal, a popular open-source content management system (CMS) used by more than a million sites worldwide, yesterday published another security advisory, rated highly critical, in response to active exploitation of Drupalgeddon2. This is the third security advisory from Drupal within the last 30 days.

Drupalgeddon2 Vulnerability

On March 28, Drupal published its advisory for CVE-2018-7600. Dubbed Drupalgeddon2, the [...]

April 12, 2018 | Threat Intelligence, Vulnerability & Threat Management

Hackers Disrupt Critical Infrastructure Network Using Cisco Smart Install Flaw

During the past week, attackers abused Cisco's Smart Install client, disrupting the network infrastructure of approximately 200,000 Cisco switches worldwide. Smart Install is a plug-and-play feature that lets customers deploy new switches remotely with no additional configuration on the device. The vulnerability allows for the misuse of [...]
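As an added practitioner's check, not part of the original post: on a Catalyst switch running IOS, confirm whether the Smart Install client is active and turn it off where the feature is not actually used for provisioning. The prompt name `Switch` is a placeholder.

```cisco
! Added example, not from the original post. Prompt "Switch" is a placeholder.
! 1. Check whether the Smart Install (vstack) client is active.
Switch# show vstack config
! 2. If the switch is not being provisioned through Smart Install,
!    disable the client so the unauthenticated service stops listening.
Switch# configure terminal
Switch(config)# no vstack
Switch(config)# end
! 3. Save so the setting survives a reload, then re-check.
Switch# write memory
Switch# show vstack config
```

Where Smart Install is genuinely needed, limit which hosts can reach the service with an access control list; the disruption described above depended on the client being reachable from untrusted networks.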

March 29, 2018 | Threat Intelligence

The Cryptomining Malware Family

Cryptominers have become their own class of malware, growing in popularity as a low-risk, high-reward way for cybercriminals to make an easy crypto-buck. In this post, we'll look at the members of the cryptomining malware family and their techniques.

Browser-Based Cryptomining Software

CoinHive, Crypto-Loot and JSEcoin allow website owners to legitimately monetize website traffic. Favoring [...]

March 28, 2018 | Threat Intelligence

Cryptominers More Lucrative, Lower Risk Than Ransomware

If 2017 was the year of high-profile data breaches and ransomware attacks, 2018 is shaping up to be the year of cryptocurrency-related malware. Cryptominers have affected 23 percent of organizations globally. Cryptomining is relatively new, and not all of it is purely malicious: some cryptominers are considered legitimate techniques for earning cryptocurrency, akin to [...]

February 20, 2018 | Threat Intelligence

Triton Malware Can Remotely Target Critical Infrastructure

Triton malware (aka TRISIS) has joined the short list of publicly identified malware targeted at operational technology (OT) networks. Other occupants of this small-but-mighty category include Stuxnet (2010), Shamoon (2012), Shamoon 2 (2016) and Industroyer (2016); note that the Shamoon wipers hit the corporate IT networks of energy-sector targets rather than control systems themselves. In August 2017, Triton was observed targeting Schneider Electric's Triconex safety instrumented system (SIS) [...]

February 14, 2018 | Threat Intelligence

Top Malware in 2018: What to watch for

The new Vulnerability and Threat Trends Report released by Skybox includes security analyst research on the vulnerabilities, exploits and threats in play today. The report includes a list of the top malware in 2018 that businesses and critical infrastructure organizations should watch out for, including ransomware, OT malware and banking Trojans. To read [...]

February 6, 2018 | Threat Intelligence

North Korea Uses Adobe Flash Zero-Day to Target South

On January 31, an Adobe Flash zero-day vulnerability was identified by South Korea's KISA (KrCERT/CC). North Korean threat actors were using it to target South Korean entities, and it had been exploited in the wild since at least November 14, 2017. Today, less than a week after the zero-day was disclosed, Adobe published APSB18-03, which resolves the issue.

Flash Zero-Day [...]

January 3, 2018 | Threat Intelligence

Intel Vulnerability at Processor Chip Level Will Affect Performance

An update to this post is available. A fundamental chip-level design flaw in Intel processors is driving a significant redesign of the Linux, Windows and XNU (macOS) kernels. In other words, the processor is vulnerable, but the fix is at the operating system level. The solution is to separate the kernel's memory completely [...]

November 20, 2017 | Threat Intelligence

Terdot Resurrects Zeus Banking Trojan, Bigger and Badder Than Before

Zeus, king of malware, is back … again. The notorious banking Trojan was first seen in 2007; its source code leaked in 2011, and it has spawned many variants since. Researchers at Bitdefender have published a whitepaper on one recent iteration, first observed back in October 2016: Terdot.

Terdot is More Than Meets the [...]

October 25, 2017 | Threat Intelligence

Bad Rabbit Relies on Social Engineering, Not Exploits

Yesterday, researchers at Kaspersky observed a large-scale attack by the ransomware dubbed "Bad Rabbit." Similar to NotPetya (a.k.a. ExPetr, a variant of the earlier Petya), the attack is bringing back bad and all-too-recent memories of global ransomware outbreaks. Bad Rabbit shares 67 percent of its code with NotPetya, which suggests the authors behind the attack are the same, [...]