Top Cyber Security Informer Information Security IoT Content for February, 2020

Joker malware still able to bypass Google Play Store checks

Security Affairs

FEBRUARY 22, 2020

Once the malware has checked the region of the target device, it will contact the C2 server to load a configuration file containing a URL for another payload that is downloaded and executed. The subscription process is totally invisible to the user because the URLs for the premium services are opened in a hidden webview.

Malware

Malware Spyware Advertising Mobile

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Troy Hunt

FEBRUARY 25, 2020

Think about it - you've got some hundreds of thousands (or even millions) of people watching the show and the HIBP URL appears in front of them all at exactly the same time. They simultaneously pick up their phones, enter the URL and smash the service, all within a very small window of time.

Data breaches

Data breaches Accountability

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs. This is the first time that TA505 uses this technique, in the past, the group used spam messages carrying the malware as an attachment or used malicious URLs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Security Intelligence Banking Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Security Affairs

FEBRUARY 17, 2020

URL used by document to download the second stage. Analyzing the content of “ templates.vbs ” it is possible to notice that it define a variable containing a URL like “ hxxp://get-icons.]ddns.]net/ADMIN-PC_E42CAF54//autoindex.]php Browser view of the URL “masseffect.]space”. Overview of the document. Conclusion.

Malware

Malware Advertising Engineering Hacking

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Attackers, in order to exploit the issue, have to find a vulnerable server exposed online, search for email addresses they collect from the Outlook Web Access (OWA) portal URL, and use data from previous data breaches to launch a credential stuffing attack. pic.twitter.com/Kp3zOi5AOA — Kevin Beaumont (@GossiTheDog) February 25, 2020.

Internet

Internet Internet Authentication Advertising

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

US agencies also updated information included in a MARs report on the HOPLIGHT proxy-based backdoor trojan that was first analyzed in April 2019.

Malware

Malware Passwords Advertising Antivirus

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

FEBRUARY 26, 2020

Figure 2: URL in the dropper configuration. The sample showed an interesting behavior, it established a TLS protected connection to a file sharing platform named “share.]dmca.]gripe”, gripe”, possibly to avoid reputation warnings raised by next-gen firewalls. Figure 3: Dashboard of the file hosting service used.

Cyber Attacks

Cyber Attacks Malware Social Engineering Advertising

Microsoft announces the launch of a bug bounty program for Xbox

Security Affairs

FEBRUARY 2, 2020

Since launching in 2002, the Xbox network has enabled millions of users to share their common love of gaming on a safe and secure service.

Advertising

Advertising Hacking Information Security

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

Several devices have been infected when the victims open the zip file downloaded from the URL embedded in the malicious email that lures the Portuguese Government Finance & Tax (ATA) , Energias de Portugal (EDP) , and more recently the DPD firm – an international parcel delivery service.

Malware

Malware Banking Antivirus Advertising

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

When the C2 sends some commands to instruct the bot, the malware downloads and executes other two components, which are two DLLs downloaded from the following URLs: http[://awsyscloud[.com/E@t!aBbU0le8hiInks/B/3500/m1ssh0upUuchCukXanevPozlu[.dll aBbU0le8hiInks/B/3500/m1ssh0upUuchCukXanevPozlu[.dll dll http[://awsyscloud[.com/E@t!aBbU0le8hiInks/D/3500/p2ehtHero0paSth3end.dll.

Malware

Malware Architecture Advertising Encryption

Winnti APT Group targeted Hong Kong Universities

Security Affairs

FEBRUARY 1, 2020

Experts discovered samples from both ShadowPad and Winnti at the universities that were containing campaign identifiers and C&C URLs with the names of the universities, a circumstance that indicates a highly targeted attack. ” continues the report. ” continues the report.

Malware

Malware Advertising Encryption Hacking

Iran-linked APT group Charming Kitten targets journalists, political and human rights activists

Security Affairs

FEBRUARY 7, 2020

The spear-phishing messages use links in the footnotes, including social media links, WSJ and Dow Jones websites, that are all in the short URL format. When the victims click on them, they are redirected to legitimate addresses while getting basic information about the victim’s device (i.e.

Phishing

Phishing Advertising Malware Media

Is Cloud Storage Safe From Ransomware?

Spinone

FEBRUARY 18, 2020

When the macro is enabled by the end-user, the VBS-coded Trojan will download the actual ransomware payload RANSOM_CERBER.CAD from a random malicious URL. It does this by attaching malicious Office documents via SPAM emails. Ransomcloud How safe is the cloud from ransomware? Until recently, it was relatively sage. But things have changed.

Ransomware

Ransomware Encryption Malware Backups

Cyber Security Informer

February, 2020

Joker malware still able to bypass Google Play Store checks

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Webinars

Trending Sources

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Webinars

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Microsoft announces the launch of a bug bounty program for Xbox

Lampion malware v2 February 2020

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Winnti APT Group targeted Hong Kong Universities

Iran-linked APT group Charming Kitten targets journalists, political and human rights activists

Is Cloud Storage Safe From Ransomware?

Stay Connected